DIGITAL  MANUFACTURING:  LOTS  OF  TRIAL,  VERY  LITTLE  ERROR  Page58 


THE  RESOURCE  FOR  INFORMATION  EXECUTIVES 


NEW  SERIES 

What 
The  CEO 

Wants 
From 
You 

7-Eleven  CEO 
James  Keyes 
needs  his  CIO 
to  keep  him  in 
touch  with  what 
customers  want 


Page  52 


Your  potential.  Our  passion .” 


Microsoft 


An  upgrade  to  Microsoft  Windows  Server  System  made 
it  possible  for  50,000  worldwide  employees  at  Nissan 
Motor  Company  to  have  more  secure  remote  access  to 
their  e-mail  and  calendars  from  any  Internet  connection, 
without  the  hassle  and  expense  of  a  VPN.  Here's  how:  By 
deploying  Windows  Server  2003  and  Exchange  2003, 
not  only  did  Nissan  IT  meet  the  CEO's  demand  for  better 
global  collaboration,  they  expect  to  save  at  least  $135 
million  by  streamlining  their  messaging  infrastructure. 
To  get  the  full  Nissan  story  or  find  a  Microsoft  Certified 
Partner,  go  to  microsoft.com/wssystem 


"At  Nissan,  we  expect  to  save  at  least  $135 
million  annually  thanks  to  the  efficiencies 
that  Windows  Server  2003  and  Exchange 
Server  2003  are  helping  us  achieve." 

Toshihiko  Suda 

Senior  Manager,  Nissan  Motor  Company,  Ltd. 


Windows  Server  System'”  includes: 


Server  Platform 

Windows  Server 

Virtualization 

Virtual  Server 

Data  Management  &  Analysis 

SQL  Server™ 

Communications 

Exchange  Server 

Portals  &  Collaboration 

Office  SharePoint*  Portal  Server 

Integration 

BizTalk*  Server 

Management 

Systems  Management  Server 

Microsoft*  Operations  Manager 

Security 

Internet  Security  &  Acceleration  Server 

Plus  other  software  products 


NAME 


Mr.  50,000  Global 
Remote  and  Mobile 
Users  Connected 
Without  a  VPN. 


NISSAN 


HH 


An  v  Ware 


0pg«I| 

L 


.  />■<  y  :0s'  -ifx 


MM*™ 


Color  imageRUNNER  C3220 


more  beautifully.  That’s  why  Canon  has 


added  a  new  addition  to  our  imageRUNNER 


line.  With  the  new  Color  imageRUNNER  C3220 


y  changed  color  in  the  office. 


And  with  it,  your  perspective  on  the  day. 


Nothing  helps  you  improve  your  perspective 


on  the  day  quite  like  the  ability  to  do  things 


a  little  better,  a  little  faster,  and  a  little 


and  imageWARE  Publishing  Manager 


Software,  you  can  create,  publish  and  print 


professional-quality  color  booklets,  brochures 


and  manuals.  You  can  even  scan  and  e-mail 


color  documents.  All  in  house,  and  all  from 


the  comfort  of  your  desktop.  And  with  the 


Color  imageRUNNER  C3220,  productivity 


increases  while  color  stays  fast  and  affordable 


How’s  that  for  working  the  way  you  need  to? 


www.imagerunner.com  1-800-0  K-CAN  ON 


States  andnjay 


Dries  opfiwal. 


num  0/S,  hardware1 


mm 


Vetl70n  wireless 

We  never  stop  working  for  you. 


Pocket  PC 


Receive  emails 
automatically 


Microsoft  Windows  Mobile™ 
Pocket  PC  software 


Full-featured 
mobile  phone 


Bluetooth®  enabled 


Slide  design  reveals  easy-to-use 
QWERTY  keyboard 


C,  Monday,  October  18,  2004 
CO  Owner:  George  Jiang 
jp  Eva's  Birthday 
Team  Meeting 

10:30AM*U  :00AM  (Coo?  room) 

Lunch  w/Sam  &  Griffin 
12:00PM-1:00PM  (Cafe) 


B.  1  Active 


1  niff 

XV6600 


Get  VZEmail  with  Wireless  Sync  and  get  on-the-go, 
automatically-updated,  instantly-productive  email. 

Only  Verizon  Wireless  has  VZEmailSM  with  Wireless  Sync,  So  your  employees  receive  their  email  automatically  on  their  XV6600. 
No  need  to  keep  checking  an  inbox,  because  Wireless  Sync  gives  the  XV6600  always  on  access  to  email,  contacts,  calendar 
updates,  and  important  information.  All  in  rich,  high-resolution  color.  Plus,  employees  can  also  make  calls,  browse  the  Web,  and  send 
and  receive  large  attachments  on  the  Verizon  Wireless  high-speed  data  network  for  increased  productivity  outside  the  office.  It’s  just 
one  more  reason  that  for  all  your  company’s  wireless  needs,  we  mean  business. 

Contact  our  business  representatives  at  1.800.VZW.4BIZ  or  log  on  to  verizonwireless.com 


Subject  to  Customer  Agreement,  Calling  Plans  and  credit  approval.  Must  be  within  National  Enhanced  Services  Rate  &  Coverage  Area  and  your  desktop  must  be  on  and  in  a  condition  to  receive  email. 

©2005  Verizon  Wireless 


COVER  PHOTO  BV  CHARLES  FORD 


"The  opportunities 
for  change  are 
never  ending. 
Achieving  the  right 
balance  between 
finishing  what 
we've  got  versus 
keeping  an  eye  on 
new  and  better 
technology  is  the 
challenge,”  says 
James  Keyes, 
president  and  CEO, 
7-Eleven. 


THE  TAO  OF  AGILITY  |  CIO.COM 

Read  an  excerpt  from  Mike  Hugos’  book, 
Building  the  Real-Time  Enterprise:  An  Executive 
Briefing.  Go  to  www.cio. com/051505. 


Application  Development 

MAKING  IT  ON  THEIR  OWN  |  71 

End  user  developers  are  everywhere. 

The  key  is  getting  them  to  work  for  you. 

Essential  Technology  feature  by  Megan  Santosus 

Manufacturing  Systems 

VIRTUALLY  FLAWLESS?  |  58 

Using  real-time  simulations,  manufacturers 
are  working  out  kinks  in  their  processes  and 
plant  layouts— before  bending  metal  and 
without  building  costly  prototypes. 

Feature  by  Beth  Stackpole 

Monitoring  Technologies 

WATCH  CAREFULLY  |  66 

New  monitoring  and  tracking  technologies, 
plus  a  wary  workforce,  can  spell  trouble  for 
CIOs  who  forget  they’re  dealing  with  people— 
not  applications.  Here’s  how  not  to  mess  up. 

Feature  by  Christopher  Lindquist 


Executive  Expectations 

COVER  STORY 

WHO’S  MINING  THE  STORE?  52 

In  the  first  of  a  series  of  “View  from  the  Top  inter¬ 
views,  7-Eleven  President  and  CEO  James  Keyes  says 
the  role  of  IT  is  to  help  the  company  sell  more  stuff  by 
creatively  using  point-of-sale  data. 

Interview  by  Christopher  Koch 


Agility 

THE  TAO  OF  SUPPLY  CHAINS  |  38 

The  CIO  of  a  national  distributor  says  the 
lessons  he  gleaned  from  a  2,500-year-old 
Taoist  philosopher  helped  him  come  up  with 
a  low-cost  inventory  system  that  worked. 

Peer  to  Peer  column  by  Mike  Hugos 


ohtent 

MAY/15/2005  I  VOL/18  I  NO/15 


THE  NEW  ACCOUNTABILITY  |  42 

The  board  of  directors’  growing  involvement  and  interest  in  all  things 
IT  can  be  good  for  CIOs,  but  only  if  they  are  prepared. 

From  the  Boardroom  column  by  Jim  Cash  with  Keri  Pearlson 


FROM  THE  TOP  10 

Why  we  all  need  to  hear  from  the  CEO  once  in  a  while. 

Column  by  Richard  Pastore 


ASK  THE  EXPERT  CIO.COM 

University  of  Toronto  professor  David  Zweig’s 
research  examines  organizations’  employee 
monitoring  practices,  specifically  identifying 
where  the  line  is  crossed  between  the  benign 
and  the  invasive.  Tap  him  for  advice  at 
www.cio.com/expert. 

more  » 


www.cio.com  |  MAY  15,  2005 


5 


content  (cont.) 


“The  manufacturing  industry  in  North  America  is  under  global  attack,  and  the  only  way 
to  compete  is  to  be  better  than  the  rest  of  the  globe.  That’s  why  it’s  so  critical  to  leverage 
the  technology  tools,"  says  Abdallah  Shanti,  CIO,  American  Axle  &  Manufacturing. 


■yj 


DEPARTMENTS 


Trendlines  |  23 

Wireless  |  The  Wi-Fi  Backlash 

Security  |  Prying  Eyes 

Predictions  |  Top  Technology 
Priorities  for  CIOs  in  2005 

Washington  Watch  j 

Bills  Target  ID  Theft 

Identity  Theft  |  ID  Insur¬ 
ance  a  New  HR  Benefit 

By  the  Numbers  | 

IT  Workers  Stressed, 
but  Happy 

Book  Review  |  Get  Them  on 
Your  Side:  Convert  Skeptics, 

Results 

Education  |  B-School  Grads  Are  Learning  the  Code 

Essential  Technology  j  71 

Application  Development  |  Making  It  on  Their  Own 
Under  Development  |  Betting  on  Broken  Chips 
Pundit  |  Smart  Services  Bundle  ByEricKnorr 

! 

From  the  Publisher  |  78 

Blogs  are  gaining  popularity  as  a  way  to  get 
and  disseminate  information.  But  beware  the  blog¬ 
ger’s  motives  and  lack  of  professionalism. 

By  Gary  Beach 

Inbox  |  18 
Index  !  82 

Executive  Summaries  |  84 


Outsourcing  Security 

DON’T  MAROON  SECURITY  |  46 

Sure,  you  can  save  money  by  working  with  a  vendor  in  a  faraway 
land.  But  don’t  trust  the  outsourcer  to  install  the  right  security 
protections.  Verify  that  your  relationship  is  cost-effective  and  safe. 

Feature  by  Christopher  Koch 

Staff  Development 

LIGHTS,  CAMERA,  I.T.  ACTION!  |  34 

If  CIOs  are  serious  about  alignment,  they  might  want  to  encourage 
their  staffs  to  pick  up  video  cameras  and  record  users  in  action. 

Column  by  Michael  Schrage 


Wh(o)t's  Hot  Online 


A  LITTLE  HELP  FROM  YOUR  FRIENDS 

Need  a  fresh  viewpoint  from  the  business  schools? 
Want  to  tap  into  the  latest  consultants’  thinking 
without  the  consultants’  prices?  We  have  top-of- 
mind  reports  from  Forrester  and  Gartner,  Bearing- 
Point  and  Accenture,  Tuck  and  Wharton  (among 
others).  Check  out: 


»  Analyst  Cornerat  www2.cio.com/analyst 
»  Consultants'  Briefing  at  www2.cio.com/consultant 
»  Higher  Learningat  www2.cio.com/higher 


6  MAY  15,  2005  |  www.cio.com 


Samsung’s  Four  Seasons  of  Hope,  Sears  and  Boomer  Esiason  have  teamed  up 
to  make  a  difference  in  the  community.  The  funds  we  raise  help  to  find  a  cure 
for  cystic  fibrosis.  The  Boomer  Esiason  Foundation  has  raised  over  $35  million 
dollars  and  is  advancing  the  cause  through  partnerships  with  companies  like 
Samsung  and  Sears.  We’re  proud  to  support  this  deserving  cause.  To  find  out 
how  you  can  help,  contact  the  Boomer  Esiason  Foundation  at  212-525-7777. 
Samsung’s  Four  Seasons  of  Hope.  A  little  hope  can  make  a  big  difference. 
www.fourseasonsofhope.com 


PUTTING  OUR  SOLARIS™  PARTNERS 
TEN  MOVES  AHEAD 


1 .  APPLICATIONS  CAN  RUN  UP  TO  30  TIMES  FASTER 

2.  ACCESS  TO  OPENSOLARIS  “  AND  OVER  1 ,600  PATENTS 

3.  IP  INDEMNIFICATION 

4.  REAL  TIME  APPLICATION  DEBUGGING  WITH  SOLARIS™ 
DYNAMIC  TRACING 

5.  AUTOMATED  WORKLOAD  MANAGEMENT  WITH  SOLARIS 
CONTAINERS 

6.  AUTOMATED  AVAILABILITY  SERVICES  WITH  PREDICTIVE 
SELF-HEALING 


7.  WORLD’S  MOST  ADVANCED  SECURITY  FEATURES  -  BUILT  IN 

V 

8.  SAME  OS  ON  MORE  THAN  360  SPARC® ,  AMD  OPTERON" 
AND  INTEL  SYSTEMS 


9.  ACCESS  TO  85%  OF  FORTUNE  500  IT  ORGANIZATIONS, 
RUNNING  THE  SOLARIS  OS 

1 0.  APPLICATIONS  GUARANTEED  FROM  RELEASE  TO  RELEASE, 
PLATFORM  TO  PLATFORM* 

MOVE  AHEAD  TODAY  WITH  SUN  AT 
SUN.COM/PARTNERS/1  OMOVES 


^S, 


microsystems 

The  Network  is  the  Computer 


i, 

soLaris 


©  2005  SUN  MICROSYSTEMS,  ING.  ALL  RIGHTS  RESERVED.  SUN,  SUN  MICROSYSTEMS,  THE  SUN  LOGO,  SOLARIS,  THE  SOLARIS  LOGO  AND  THE  NETWORK  IS  THE  COMPUTER  ARE  TRADEMARKS  OR  REGISTERED  TRADE¬ 
MARKS  OF  SUN  MICROSYSTEMS,  INC.  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES.  ALL  SPARC  TRADEMARKS  ARE  USED  UNDER  LICENSE  AND  ARE  TRADEMARKS  OR  REGISTERED  TRADEMARKS  OF  SPARC  INTERNATIONAL, 
INC.  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES.  *SEE  SOLARIS  APPLICATION  GUARANTEE  PROGRAM  FOR  MORE  DETAILS.  URL:  http://WWW.SUN.COM/SERVICE/SUPPORT/SOFTWARE/SOLARIS/SOLARIS_GUARANTEE.HTML 


GREAT  PARTNERSHIPS  BEGIN  WITH  SUN 


MORE  THAN  1,300  APPLICATIONS  FOR  SOLARIS  ON  X86/X64  SYSTEMS 


8D  Technologies 


The  Design  Verification  Company 


* 

aiNFO. 


0 


A  bmcsoftware 


Software 


i  dlv.  ;»'C  i  h  "  TJ^  i 


a 

Computer  Associates* 


Q  DeepMines 

•Mh'  TECHNOLOGIES 


S  E  C  U  R  ITV  SOLUTIONS 


EAG 


Fat  Wire 

SOFTWARE 


SOFTWARE  SYSTEMS 
A  FLEXTRONICS  COMPANY 


'HiAifaiv ttffe 


l  f\l  C  O  G  E  N 


iG.0hyer.geru  Billing  6  Seltlemenl  Sfillrtlpris 


IONA 


LINING 

Liming  Network  Systems 


icm 


V>  MESSAGEGATE 

P  mfeet\  M  &  u  i  to  r ,  Co  fin  »/ . 


* 

metapa 


SOFTWARE 


ROGUE  WAVE 

S  0  F  1  W  A  I!  F 

Olinvihll  h  I  'y  i  <4 1  <‘A  f 


a 


SeeBeyond 

THE  VlSiONARY  LEADER 


sonic 

SOFTWARE' 


SOPHOS 


SUNGARD 


Sybase 

The  Enterprise.  Unwired 


VeriSigir 


--  SYMARK  ^|TARANTE//A 


VERITAS 


VoiceGeme 


KCHNOIOCKS  <NC 


ATIBCO 

The  Power  of  Now* 


WOLFRAMRESEARCH 

www.wolfram.com 

£  •  ‘it 

L®!Pf  .'5*  L‘ 


O  2006  SUN  MICROSYSTEMS.  INC  ALL  RIGHTS  RESERVED.  SUN,  SUN  MICROSYSTEMS,  THE  SUN  LOGO.  SOLARIS  AND  THE  NETWORK  IS  THE  COMPUTER  ARE  TRADEMARKS  OR  REGISTERED  TRADEMARKS  OF  SUN  MICROSYSTEMS 
INC.  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES. 


FROM  THE  EDITOR 


T 


From  the  Top 


Why  we  a! I  need  to  hear 
from  the  CEO 


!  i 


In  this  issue,  we  inaugurate  two  series  of  articles  to  help  you  connect  with  the  often 
inscrutable  expectations  of  your  fellow  CXOs  and  the  board.  In  the  new  column,  “From  the 
Boardroom”  (Page  42),  retired  Harvard  Business  School  professor  Jim  Cash  will  relate  his 
insider  experience  with  company  boards  to  demystify  and  predict  what  they  will  demand 
from  the  CIO.  In  the  new  “View  from  the  Top”  series  of  interviews  (see  Page  52),  CEOs,  pres¬ 
idents  and  CFOs  of  major  companies  will  delineate  their  views  on  IT  in  their  businesses. 
They’ll  explain  IT’s  role  in  their  most  important  business  priorities,  describe  how  they  per¬ 
sonally  affect  the  success  of  the  IT  function  and  tell  what  they  expect  from  their  CIOs.  With 
these  articles,  we  hope  to  help  CIOs  who  are  struggling  with  what  they’ve  told  us  is  their 
number-one  barrier  to  effectiveness: 

“Unrealistic  or  unknown  expectations 
from  the  business.” 

You  can’t  expect  CEOs  to  reveal  all  their 
deepest,  darkest  thoughts  about  IT  in  a 
public  venue  like  CIO.  But  just  getting 
them  to  say  anything  substantive  about 
their  relationship  with  IT  will  have  con¬ 
siderable  value.  This  was  underscored  for 
me  at  the  CIO  Perspectives  conference  in  Florida  earlier  this  year,  when  Ray  Thomas, 
CEO  of  Zurich  North  America  Small  Business,  took  the  stage  for  a  live  “View  from  the  Top” 
presentation  delivered  to  an  audience  of  200-plus  IT  execs. 

Actually,  Thomas  didn’t  go  on  stage  at  all.  He  stayed  on  the  carpet,  on  the  same  level  as 
his  audience.  He  talked  about  how  much  he  valued  IT’s  contribution  to  reducing  insurance 
application  processing  time  (he  gave  the  IT  team  Swiss  Army  watches  to  celebrate  break¬ 
ing  the  five-minute  barrier).  He  related  how  he  helps  set  goals  and  leaves  execution  to  his 
CIO.  He  also  revealed  how  he  sometimes  screws  up  by  asking  IT  to  do  too  much  in  too  lit¬ 
tle  time;  how  he  pays  attention  to  IT  project  success  metrics;  and  how  he’s  working  with  his 
CIO  to  bring  new  services  and  systems  to  Zurich’s  next  generation  of  customers. 

When  Thomas  finished,  he  invited  questions.  But  the  first  CIO  to  speak  didn’t  imme¬ 
diately  ask  one.  First  he  said,  “Thank  you.”  It  was  one  of  those  heartfelt  thank  yous,  the  kind 
you  give  to  someone  who  has  reached  out  to  you,  done  something  for  you  that  you  never 
expected  and  given  you  something  you  don’t  usually  get.  Thank  you,  Mr.  Thomas.  Thank 
you  for  thinking  about  IT,  for  considering  your  impact  on  us  for  good  and  bad,  for  setting 
a  direction. 

Thank  you  for  doing  what  we  wish  our  own  CEOs  would  do. 

If  you  are,  or  know  of,  a  CEO  or  other  CXO  (not  from  an  IT  vendor  or  IT  consultancy)  who 
might  like  to  be  interviewed  for  our  “View  from  the  Top”  series,  contact  Senior  Editor 
Elana  Varon  at  evaron@cio.com. 


pastore(g)cio.com 


You  can't  expect  CEOs  to 
reveal  all  their  deepest, 
darkest  thoughts  on  IT. 

Just  getting  them  to  say 
anything  substantive  about 
their  relationship  to  IT  will 
have  considerable  value. 


i  o 


MAY  15 


2005  |  www.cio.com 


PHOTO  BY  ANDREA  FISCHMAN 


Where  IP  and  telecom  unite. 
Where  security  is  offensive,  not  defensive. 
Where  e-commerce  is  safe  commerce. 
Where  content  is  mobile  and  personal. 

Where  infrastructure  is  more  intelligent. 


FIND 


VeriSign! 

Where  it  all  comes  together; 


Billions  of  times  each  day,  the  world  interacts  with  a  company 
you  may  not  realize  is  there.  One  that  is  driving  dynamic 
transformations  at  the  very  core  of  commerce  and  communications. 
VeriSign."  Through  our  Intelligent  Infrastructure  Services,  we  enable 
businesses  and  individuals  to  find,  connect,  secure,  and  transact 
across  today’s  complex  Internet,  telecom,  and  converged  networks. 

We  operate  the  systems  that  manage  .com  and  .net,  handling 
14-billion  Web  addresses  and  emails  every  day.  We  run  one  of  the 
largest  telecom  signaling  networks  in  the  world,  enabling  services 
such  as  cellular  roaming,  text  messaging,  caller  ID,  and  multi- 
media  messaging.  We  manage  network  and  user  security  for  over 
3,000  global  businesses  and  400,000  Web  sites.  And  we  handle 


over  30  percent  of  all  e-commerce  transactions  in  North  America, 
processing  $100-million  in  daily  sales.  As  next-generation  networks 
emerge  and  converge,  VeriSign  will  be  there,  deploying  the 
Intelligent  Infrastructure  Services  necessary  for  everything  from 
RFID-enabled  supply  chains  to  inter-enterprise  VoIP  to  mobile  and 
rich  media  content  distribution. 

Whether  you’re  a  telecom  carrier  looking  to  rapidly  deploy  new 
services;  a  Fortune  500  enterprise  needing  comprehensive, 
proactive  security  services;  or  an  e-commerce  leader  wanting 
to  securely  process  payments  and  reduce  fraud,  we  can  help. 
We’re  VeriSign.  Where  it  all  comes  together.’” 


ghts  'ost'vsd  VeriSign.  tne  VeriSign  logo.  "Where  it  ell  comes 
narks  service  marks,  and  designs  are  registered  or  unregistered 


;llige 


Our  color  printers,  multifunction  systems 
spectrum  itself.  So  one  is  sure  to  fit  your  busines; 


Color  is  improving  work  everywhere.  And  no  one  is  more 
committed  to  enhancing  how  people  use  color  than  Xerox. 
Our  wide  array  of  award-winning  digital  color  devices  makes 


it  easy  to  custom  fit  a  color  solution  for  just  about  any 
business.  And  just  as  impressive  are  the  hands-on  extras  w 
can  provide,  like  workflow  expertise,  process  improvement 


Xerox  color  printers 
multifunction  systems 
&  digital  presses 


xerox.com/color  1-8OO-ASBC-XER0X  ext.  COLOR 


©  2005  XEROX  CORPORATION.  All  rights  reserved.  XEROX*  and  Xerox  Color.  It  makes  business  sense  are  trademarks  of  XEROX  CORPORATION  in  the  United  States  and/or  other  countries. 


and  digital  presses  are  as  varied  as  the  business 


dike  a  glove.  Xerox  Color. 

techniques,  and  managed  services  that  make  color  productive 
Band  effective.  Xerox  color  integrates  easily  into  any  network. 
Our  supplies  are  economical.  And  our  line  is  so  affordable, 


It  makes  business  sense. 

it’s  within  reach  of  small  businesses  as  well  as  large 
global  companies.  Why  not  try  Xerox  color  on  for  size?  We 
promise  a  fit  that  works  hand  in  glove  with  your  business. 


XEROX 


Technology 


Document  Management 


Consulting  Services 


THE  RESOURCE  FOR  INFORMATION  EXECUTIVES 


president  and  ceo  Walter  Manmnen 
editorial  director  Lew  McCreary 
publisher  Gary  J.  Beach 

EDITORIAL 

editor  in  chief  Abbie  Lundberg 
editor  Richard  Pastore 

managing  editor  David  Rosenbaum 
managing  editor,  production  Cheryl  R.  Asselin 
executive  editors  Alison  Bass, 
Christopher  Koch,  Edward  Prewitt 
Washington  bureau  chief  Allan  Holmes 
special  projects  editor  Mindy  Blodgett 
technology  editor  Christopher  Lindquist 
senior  editors 

Scott  Berinato,  Alice  Dragoon, 

Stephanie  Overby.  Elana  Varon 

SENIOR  WRITERS 

Meridith  Levinson,  Susannah  Patton,  Ben  Worthen 
staff  writer  Thomas  Wailgum  ' 

CONTRIBUTORS 

Jim  Cash,  Grant  Gross,  Mike  Hugos,  Eric  Knorr, 
Paul  Roberts,  Megan  Santosus,  Michael  Schrage 

DESIGN 

executive  director,  art  and  design  Mary  Lester 
art  director  Terri  Haas 

ASSOCIATE  ART  DIRECTORS 

Owen  Edwards,  Matthew  Goebel 
designer  Joanna  De  Fazio 

associate  designer  Neva  Tachkova 
design  operations  specialist  Rachel  Barnett 

COPY  TEAM 

copy  chief  Emily  S.  Henderson 

senior  copy  editor  Diann  Daniel 
copyeditor  Cathy  Mallen 
assoc,  copy  editor  Daniel  John  Robinson 

EDITORIAL  ASSISTANTS 

Cassidy  Healzer,  Margaret  Locher,  Al  Sacco 

RESEARCH  &  PROJECTS 

research  editor  Lorraine  Cosgrove  Ware 

editorial  resource  manager  Carol  Zarrow 
ASSOCIATE  RESEARCH  ANALYST  Julie  HanSOn 
special  projects  manager  Lynne  Z.  Rigolini 

ONLINE  EDITORIAL 

web  editorial  director  Art  Jahnke 

WEB  EXECUTIVE  EDITOR  AND  PRODUCER 

Janice  Brand 

web  editor  Sandy  Kendall 
web  writer  Jon  Surmacz 


INTERNATIONAL  DATA  GROUP 

ceo  Pat  Kenealy 

board  chairman  Patrick  J.  McGovern 


WORLDWIDE- 

©CXO  Media  Inc. 


I 


I 


! 


WHAT  WE  COVER,  WHOM  TO  CONTACT 


INDUSTRY 

Automotive 

Edward  Prewitt,  eprewitt@cio.com 

Financial  Services 

Elana  Varon,  evaron@cio.com 

Health  Care 

Alison  Bass,  abass@cio.com 

Manufacturing,  Business-to-Business 

Christopher  Koch,  ckoch@cio.com 

Manufacturing,  Business-to-Consumer 

Susannah  Patton,  s patton@cio.com 

Public  Sector 

Allan  Holmes,  aholmes@cio.com 

Retail 

Meridith  Levinson,  mlevinson@cio.com 

Transportation 

Stephanie  Overby,  soverby@cio.com 

Travel/Leisure/Entertainment 

Alice  Dragoon,  adragoon@cio.com 


BUSINESS  & 

TECHNOLOGY 

Architecture 

Christopher  Koch,  ckoch@cio.com 

Customer  Relationship  Management  (CRM) 

Alison  Bass,  abass@cio.com 
Alice  Dragoon,  adragoon@cio.com 

E-Commerce,  Business-to-Business 

Christopher  Koch,  ckoch@cio.com 

E-Commerce,  Business-to-Consumer 

Meridith  Levinson,  mlevinson@cio.com 

Emerging  Technology 

Christopher  Lindquist,  clindquist@cio.com 


Enterprise  Resource  Planning  (ERP) 

Ben  Worthen,  bworthen@cio.com 

Integration 

Christopher  Koch,  ckoch@cio.com 

Leadership  and  Management 

Edward  Prewitt,  eprewitt@cio.com 

Legislation  and  Regulation 

Allan  Holmes,  ahotmes@cio.com 
Ben  Worthen,  bworthen@cio.com 

Outsourcing 

Stephanie  Overby,  soverby@cio.com 

Project  Management 

Mindy  Blodgett,  mblodgett@cio.com 

Public  Sector  (Government  IT) 

Allan  Holmes,  aholmes@cio.com 

Risk  Management 

Allan  Holmes,  aholmes@cio.com 

Security/Privacy 

Scott  Berinato,  sberinato@cio.com 
Allan  Holmes,  aholmes@cio.com 

Staffing 

Stephanie  Overby,  soverby@cio.com 

Supply  Chain  Management 

Ben  Worthen,  bworthen@cio.com 

Value  and  Measurement 

Mindy  Blodgett,  mblodgett@cio.com 

Vendor  Management 

Scott  Berinato,  sberinato@cio.com 
Susannah  Patton ,  spatton@cio.com 

Web  Services 

Christopher  Lindquist,  clindquist@cio.com 
Elana  Varon,  evaron@cio.com 

Workforce  Connectivity 

(Wireless,  Collaboration  Technologies) 

Thomas  Wailgum,  twailgum@cio.com 


COLUMN  &  DEPARTMENT  CONTACTS 


Book  Reviews 

Carol  Zarrow,  czarrow@cio.com 

By  the  Numbers 

Lorraine  Cosgrove  Ware,  icosgrove@cio.com 

Essential  Technology 

Christopher  Lindquist,  ciindquist@cio.com 

Executive  Coach 

Edward  Prewitt,  eprewitt@cio.com 

Forum 

Cheryl  Asselin,  casselin@cio.com 

From  the  Editor 

Abbie  Lundberg,  lundberg@cio.com 
Richard  Pastore,  pastore@cio.com 

From  the  Publisher 

Gary  Beach,  gbeach@cio.com 


InBox 

Cheryl  Asselin,  casselin@cio.com 

On  the  Move 

Meridith  Levinson,  mievinson@cio.com 

Peer  to  Peer 

Alison  Bass,  abass@cio.com 

Total  Leadership 

Elana  Varon,  evaron@cio.com 

Trendlines 

Elana  Varon,  evaron@cio.com 

Washington  Watch 

Allan  Holmes,  aholmes@cio.com 
Ben  Worthen,  bworthen@cio.com 


e-mail  letters@cio.com  phone  508  872-0080  fax  508  879-7784  address  CIO  Magazine,  CXO  Media  Inc., 

492  Old  Connecticut  Path,  P.0,  Box  9208,  Framingham,  MA  01701-9208  website  www.cio.com  subscriber  ser¬ 
vices  866  354-1125  •  Fax  847  564-9453  •  E-mail  cio@omeda.com  reprint  services  Jesse  Levy  *  PARS  Interna¬ 
tional  •  212  221-9595  xl23  •  E-mail  jesse@parsintl.com  rights  and  permission  Andrew  Burrell  •  508  935-4785  • 
E-mail  aburreii@cio.com 


14 


MAY  15,  2005  |  www.cio.com 


BOARD  OF  ADVISERS  '05 


CIO  wishes  to  acknowledge  the  2005  Editorial  Advisory  Board  members  for  their  ongoing 
guidance  and  reality  check  of  the  magazine’s  content  and  focus.  We  thank  them  for  their 
generosity  in  sharing  their  insight  into  the  world  of  IT  leadership. 


GREGOR  BAILAR 

CIO 

Capital  One 
Falls  Church,  Va. 

MARCIA  BALESTRINO 

SVP&CIO 
Girl  Scouts 
of  the  USA 
New  York  City 

DOUG  BARKER 

CEO 

Barker  and  Scott 
Consulting 
Washington,  D.C. 

SHEILA  BEAUCHESNE 

CIO 

Bluegreen 
Boca  Raton,  Fla. 

WAYNE  D.  BENNETT 

Partner 

Bingham  McCutchen 
Boston 


LARRY BONFANTE 

CIO 

United  States  Tennis 
Association 
White  Plains,  N.Y. 

DENNIS  CALLAHAN 

EVP  &  CIO 
The  Guardian  Life 
Insurance  Co. 

New  York  City 

MICHAEL  EARL 

Professor  of  Information 
Management,  Dean  of 
Templeton  College 
Oxford  University 
Oxford,  England 

PAUL  J.  GAFFNEY 

EVP,  Supply  Chain 
Staples 

Framingham,  Mass. 


JOHN  GLASER 

VP  &  CIO 

Partners  Healthcare 
Boston 

JERRY  GREGOIRE 

Former  CIO 
Pepsi  and  Dell 
Austin,  Texas 

SCOTT  HEINTZEMAN 

CIO 

Carlson  Hotels 

Worldwide 

Minneapolis 

C.  LEE  JONES 

Chairman,  President 
&CEO 

Essential  Group 
Gurnee,  Ill. 

SUSANS.  KOZIK 

EVP  &  CTO 
TIAA-CREF 
New  York  City 


BUD  MATHAISEL 

Corporate  VP  &  CIO 
Solectron 
Milpitas,  Calif. 

RON  J.  PONDER,  PhD 

EVP&  CIO 
WellPoint  Inc. 
Indianapolis 

SHELEEN  QUISH 

VP,  Corporate 
Marketing  &  Global 
CIO 

U.S.  Can 
Lombard,  Ill. 

REBECCA  R.  RHOADS 

CIO 

Raytheon 
Lexington,  Mass. 


LARAINE  RODGERS 

President 

Arizona  Partnership 
for  Higher  Education 
and  Business 
Scottsdale,  Ariz. 

JOSEPH  A. 
SMIALOWSKI 

EVP,  Operations  & 
Technology 
Freddie  Mac 
McLean,  Va. 

JAMES  F.  SUTTER 

Senior  Partner 

The  Peer  Consulting 

Group 

Newport  Beach, 

Calif. 

RICHARD  W. 
SWANBORG  JR. 

President 

ICEX 

Boston 


PATRICIA 

WALLINGTON 

President 
CIO  Associates 
University  Park,  Fla. 

ROBERT  P.  WEIR 

VP,  Information 

Services 

Northeastern 

University 

Boston 

STEVE  WILLIAMS 

SVP&CIO 
Mattress  Giant 
Addison,  Texas 


ADVERTISEMENT 


Principal  Enterprise  Architect 


Responsibilities 

The  position  is  primarily  responsible  for  the  overall  planning,  supervi¬ 
sion  and  coordination  of  the  establishment  of  an  enterprise  architec¬ 
ture  that  best  enables  the  business  activities  of  ADB.  In  undertaking 
these  activities,  the  position  coordinates  with  Information  Systems 
and  Technology  Strategy  project  teams  and  the  Information  Technology 
(IT)  Committee.  Specific  responsibilities  include: 

1 .  Designing,  developing,  and  maintaining  enterprise  architecture 
standards  and  procedures  in  conjunction  with  the  Technical  Archi¬ 
tect/Security  Officer  and  Data  Architect; 

2.  Establishing  the  overall  architecture  framework  solutions  to  guide 
the  design  of  business  applications  and  the  implementation  of 
selected  infrastructure  including  technologies,  platforms,  data¬ 
bases,  data  processes,  quality  assurance,  training,  and  other  com¬ 
ponents  needed  to  support  the  architecture  and  make  it  functional; 

3.  Overseeing,  managing,  and  leveraging  the  enterprise  architecture 
deliverables  across  the  IT  infrastructure  and  systems; 

4.  Disseminating  the  benefits  derived  from  the  Enterprise  Architec¬ 
ture  initiative  to  the  Office  of  Information  Systems  and  Technol¬ 
ogy  (OIST)  and  other  departments/offices  of  ADB; 

5.  Analyzing  the  financial  impact  of  current  operations  and  of  pro¬ 
posed  changes  and  presenting  the  options  to  Management  from 
an  investment  point  of  view; 

6.  Managing  the  outputs  of  the  Enterprise  Architecture  process  and 
ensuring  that  all  deliverables  are  focused  on  obtaining  maximum 
return  on  investment; 

7.  Performing  the  compliance  process  to  ensure  deliverables  of  project 
teams  adhere  to  standards;  seeking  resolution  from  the  IT 


www.adb.org 


Committee  for  cases  where  exceptions  cannot  be  resolved  by  the 
Enteprise  Architecture  team;  and 

8.  Supervising  a  team  of  professional  staff,  national  officers,  and  adminis¬ 
trative  staff. 

Reporting  Arrangements 

The  position  reports  to  Director,  Program  Management  Office,  which  is 

under  OIST. 

Selection  Criteria 

■  Suitability  to  undertake  the  responsibilities  mentioned  above  at  the 
required  level; 

■  A  university  degree  in  Engineering,  Information  Technology,  Manage¬ 
ment  Information  System,  or  related  fields,  preferably  at  post-graduate 
level  or  its  equivalent; 

■  At  least  seven  (7)  years  of  relevant  professional  experience,  with  pro¬ 
found  technical  skills  and  comprehensive  experience  in  one  or  two  of  the 
following  areas:  application  development,  database  design/administra- 
tion,  network  engineering,  systems  administration,  and  infrastructure 
development; 

■  Understanding  of  application  design,  Internet  technologies,  database 
and  data  warehouse  design,  network  design,  and  many  other  aspects  of 
information  technology  at  a  thorough,  cross-disciplinary  level; 

■  In-depth  knowledge  and  understanding  of  current  and  future  technolo¬ 
gies,  their  capacity  to  drive  business  information,  and  of  the  business 
being  transformed; 

■  Experience  in  implementing  architectural  framework  and  use  of  enter¬ 
prise  modeling  tools; 


■  Experience  in  integrating  legacy  systems  with  more  recent  tech¬ 
nology  would  be  preferred; 

■  Good  interpersonal  skills;  and 

■  Excellent  oral  and  written  communication  skills  in  English. 

The  Asian  Development  Bank’s  vision  is  a  region  free  of 
poverty.  Established  in  1 966  and  headquartered  in  Manila, 
Philippines,  ADB's  multicultural  staff  come  from  about  50  member 
countries.  ADB  offers  an  internationally  competitive  salary  paid  in 
US  dollars.  Salaries  and  benefits  are  generally  free  of  tax  except  for 
citizens  of  some  countries,  primarily  the  USA  and  the  Philippines, 
whose  incomes  are  taxed  by  their  respective  governments.  While 
the  position  advertised  is  for  ADB  Headquarters  in  Manila, 
Philippines,  ADB  staff  must  be  prepared  to  serve  in  any  location 
outside  its  Headquarters  at  the  discretion  of  Management. 
Applicants  must  be  nationals  of  one  of  ADB's  member  countries. 
International  experience  will  betaken  into  consideration. 

Apply  electronically,  quoting  Ref.  No.  EXT-PS04-220(3)-OIST  and 
job  title  on  subject  line  and  attaching  application  form  available  on 
www.adb.org/Employment/appform.asp  to  e-mail  address 
CS-jobs@adb.org  by  29  May  2005 

Due  to  large  number  of  applications  normally  received,  only 
shortlisted  candidates  will  be  notified. 

Applications  lacking  the  job  reference  number  and  job  title  or  using 
the  wrong  e-mail  address  will  not  be  considered. 

Women  are  actively  encouraged  to  apply. 


Asian  Development  Bank 

FIGHTING  POVERTY  IN  ASIA  AND  THE  PACIFIC 


PREEMPTIVE  SECURITY  IS  HERE: 


Prevent 

MAJOR  INTERNET  THREATS  - 


THEY  RUIN  YOUR  DAY. 


Proventia  ESP  (Enterprise  Security  Platform)  from  ISS  stops  Internet  threats  before  they  impact  your  business.  With  intrusion 
prevention  and  vulnerability  assessment  products  and  services,  Proventia  ESP  reduces  your  overall  risk  and  helps  assure 
regulatory  compliance  and  business  continuity.  Only  ISS  keeps  you  ahead  of  the  threat  with  preemptive  protection  for  your 
entire  enterprise.  Download  a  free  white  paper  at  www.iss.net/ESP/CIO,  or  call  1-800-776-2362. 

NETWORK  &  HOST  INTRUSION  PREVENTION  I  VULNERABILITY  MANAGEMENT  I  MANAGED  SECURITY  SERVICES 


©2005  Internet  Security  Systems  Incorporated.  All  rights  reserved. 


November  18 


FRIDAY 


G  Internet  Security  Systems® 

Ahead  of  the  Threat.™ 


READER  FEEDBACK 

InBox 


Bl:  All  About  the  Business 

BI  systems  are  not  “for  the  most  part” 
dreary  failures  (“The  Brain  Behind  the 
Big,  Bad  Burger,”  March  15) .  It  has  noth¬ 
ing  to  do  with  the  industry.  There  are 
spectacular  ROI  examples  in  retail,  telco, 
finance,  health  care  and  other  industries. 

In  the  sidebar,  “Tips  for  Getting  BI 
Right,”  I  would  have  summarized  points 
one,  three  and  six  this  way:  Business  exec¬ 
utives  and  analysts  must  take  ownership 
in  the  process  of  creating,  modifying  and 
maintaining  the  BI  system,  including 
defining  what  key  performance  indicators 
are  used  to  run  the  business  and  the  types 
of  analyses  that  should  be  performed. 

The  business  folks  are  most  effective 
remaining  in  the  business  and  teaming 
with  the  IT  folks  in  building  such  solu¬ 
tions.  If  they  don’t  take  ownership  of  the 
process,  they  won’t  like  or  use  the  solution, 
and  that  seems  to  be  the  most  likely  cause 
of  failure  right  now.  A  secondary  cause  of 
trouble  is  a  failure  by  IT  to  keep  going  back 
to  the  business,  or  to  adjust  data  models 
and  strategy  to  changing  needs. 

ROBERT  STACKOWIAK 

Senior  Director,  Business  Intelligence 
Technology  Business  Unit 
Oracle  Corp. 

robert.stackowiak@oracle.com 


One  Size  Does  Not  Fit  All 

While  I  admire  the  commitment  of 
Bill  Godfrey,  CIO  of  Dow  Jones,  to  make 
the  EA  paradigm  work  at  his  company, 
it’s  misleading  to  assume  or  imply  that 
one  size  fits  all  (“A  New  Blueprint  for  the 
Enterprise,”  March  1). 

Dow  Jones’s  approach  to  E  A  may  prove 
to  be  successful.  In  a  diversified  organiza¬ 
tion,  EA  methodology  can  succeed  beyond 
lip  service  only  if  there  is  tangible  incen¬ 
tive  for  cross  organizations  to  cooperate. 

If  the  IT  funding  is  based  on  a  program- 
by-program  basis  and  in  a  “cost  plus” 
format,  there  is  little  incentive  by  the 
programs  to  build  an  EA  methodology 
for  program  executions  and  deliverables. 

What  counts  most  here  is  the  timely 
delivery  of  solutions.  Cross-organiza¬ 
tional  collaboration  is  of  little  practical 
value  beyond  informal  knowledge- 
sharing.  Even  the  Clinger-Cohen  Act 
has  failed  to  deliver  real  results  as  Gov¬ 
ernment  Accountability  Office  reports 
continue  to  show  very  poor  grades  for 
most  federal  organizations. 

I  nevertheless  am  heartened  and  will 
keep  on  trying  the  federated  model  that 
we  have  had  in  place  for  more  than  a  year 
and  hope  we  will  have  some  converts.  I  too 
believe  in  the  EA  methods  and  have  to  sell 
it  to  my  customers. 

AJIT  KAPOOR 

Chairman,  Council  of  IT  Architects 
Lockheed  Martin/EIS/CTO 

ajit.kapoor@lmco.com 

i 

EA:  User  Buy-In 

Your  March  1  report  on  enterprise 
architecture  provides  useful  strategies 
for  developing  an  enterprise  architecture. 
However,  it  does  not  explicitly  address  the 
core  issue.  The  key  issue  for  EA  initiatives 
is  gaining  user  compliance.  If  users  do  not 
see  value,  they  will  ignore,  resist  or  rebel. 
Without  user  support  and  compliance,  the 


| 

best  initiatives  will  fail. 

Enterprise  architecture  affects  users, 
however.  By  defining  standards,  architec¬ 
tures  restrict  user  choices  and  increase 
costs  and  schedules.  For  example,  say  a 
user  acquires  a  software  package  that 
doesn’t  conform  to  the  architecture.  Does 
the  user  modify  the  package  to  be  compli¬ 
ant,  or  remain  noncompliant?  Architec¬ 
tural  success  depends  upon  resolving 
these  user  impacts. 

The  “city  planning”  metaphor  in  “A 
New  Blueprint  for  the  Enterprise”  is  use¬ 
ful.  The  key  is  to  develop  an  implementa¬ 
tion  plan  that  delivers  near-term  value  to 
users  so  that  they  will  align  with  the  plan 
out  of  self-interest. 

For  user  compliance,  there  are  four 
key  actions: 

1.  Target  architecture:  A  development 
and  implementation  strategy  that  delivers 
near-term  benefits  to  users. 

2.  Benefits:  Expressing  benefits  in 
terms  that  are  meaningful  to  and  have  value 
for  affected  business  and  IT  executives. 

3.  “Conversion”  costs:  Alignment 
causes  additional  work,  cost  and  elonga¬ 
tion  of  the  user’s  implementation  schedule. 

4.  Marketing:  A  compelling  “story”  of 
who  is  aligning  with  the  architecture,  the 
benefits  and  the  growing  community  of 
aligned  users  must  be  made  clearly  from 
the  user’s  perspective. 

Without  addressing  these  issues,  the 
best  technical  architecture  will  fail. 

MARK  HESS 

President 

Weston  Technology  Management  Group 
mark.  l.hess@comcast.  net 


What  Do  You  Think? 


Send  your  thoughts  and  feedback  to 
letters@cio.com.  Letters  may  be  edited  for 
length  or  clarity.  For  a  link  to  the  articles 
mentioned,  go  to  www.cio.com/printlinks. 

cio.com 


18 


MAY  15,  2005  |  www.cio.com 


LaSalle  Bank 

ABN  AMRO 


OUR  MISSION:  CLEANSING  THE  WORLD  OF  LEASE  SURPRISES.  We  won't  stop  until  your  equipment  lease  is  completely 
free  of  those  insidious  asterisks.  From  the  beginning,  we  have  you  talking  to  someone  authorized  to  make  a  deal. 
No  sales  guys  changing  the  terms  after  they've  talked  to  their  "people."  No  last-minute  caveats  when  you  re  ready 
to  sign  the  papers.  We  call  it  a  transparent  process.  And  we  imagine  that's  how  you,  like  so  many  other  well-known 
companies,  would  prefer  to  work.  Call  Ed  Dahlka,  President,  at  888-760-8900.  No  Surprises. 


LaSalle  National  Leasing  Corporation 


LaSalle  Bank  N  A  Member  FOIC  (£  2005 


©2005  Intel  Corporation.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  All  rights  reserved. 


L  -J  »  **  » 

t 

■*#**  pm  #i  * 

••r  •  -  -  -wm if 


••  - 


|  *t»  ».*»  *•**  turn  » »  t 

►I  f  »> 

»  •“!  •  -•  »*“  ; 


3§§  :-v  ip  m  ^ 

■  B  M  M  r  fi 

*  f?  1*  :•»  it  ! 

B  §H|.  jagfr  jilt  jgto-  yto  J 

I  K a<  fi  if  f  if 1 
1  ■  III  II II 

B  HR  "W  wB  w 

|  I  IrfSrfB 

UiS*. 

[  IIRRRR 

RRRRIk 

1  *?«  Jl  ii  *  «  *|  m 

jflSik 

inuiitmi 

HitfsiB 

I  $1  f«  ft  9i  9f  | 

HNnn»|n 

i ',  ■  *  «». .  .’#*  «**• 

*  1  * 

!>•  to  **  ♦»■■■• 


The  world’s  most-deployed  server  platform  now  supports 
64-bit  applications.  The  Intel®  Xeon™  processor  now 
works  harder  for  your  business  than  ever.  With  innovative 
platform  features  that  enable  power-saving 
options,  flexible  memory,  I/O  and  storage  configurations. 
And,  of  course,  continued  support 
for  all  your  existing  32-bit  applications. 

How  can  Intel  Xeon  processor-based  servers  serve  you? 

intel.com/go/xeon 


.  «  -i* 


SAS®  SOFTWARE  AND  INTEL® 

ITANIUM®  2  PROCESSOR-BASED  SERVERS 


SAS  and  Intel  give 
PFIZER  HEALTH 
SOLUTIONS  INC 

The  Power  to  Know/® 
how  to  help  its  clients 
provide  effective  healthcare 
to  more  than  a  half-million 
patients.  Read  our  success 
story  at  www.sas.com/phs. 


Power  users  have  been  tapping  into  SAS’  unmatched  breadth  and  depth  of  analytics  for 
years  to  drive  their  organizations  forward.  Now  innovation  can  come  from  anyone,  anywhere 
in  your  company.  While  most  Bl  vendors  deliver  historical  reporting  solutions,  SAS®  business 
intelligence  and  analytics  software  -  on  Intel®  Itanium®  2  processor-based  servers  -  empowers 
you  to  predict  outcomes  and  make  more  effective  decisions  throughout  your  enterprise.  SAS 
takes  you  Beyond  Bl ™  by  making  it  easy  to  put  the  power  to  know  in  the  hands  of  everyone. 


r  go  Beyond  Bl’“  at  www.sas.com/Bltour  ■  Free  product  tour 


SAS  and  all  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration.  Other  brand  and  product  names  are  trademarks  of  their  respective  companies. 
©  2005  SAS  Institute  Inc.  All  rights  reserved.  ©  2005  Intel  Corporation.  All  rights  reserved.  Intel,  the  Intel  logo,  and  Itanium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  329486US.0405 


PHOTO  TOP  BY  MARGO  STEFFEL;  BOTTOM  BY  GETTY  IMAGES 


trendlines 

EDITED  BY  ELANA  VARON  NEW  *  HOT  *  UNEXPECTED 


The  Wi-Fi 

BACKLASH 

wireless  technology  Since  Philadelphia  officials 
announced  that  they  wanted  to  offer  low-cost  wireless  service  to  their 
citizens  last  fall,  the  city  has  become  the  focal  point  of  an  emerging 
and  hotly  contested  trend.  Local  behemoths  Verizon  and  Comcast  are 
fiercely  opposed  to  Philadelphia’s  Wi-Fi  hot  zone  plan,  citing  unfair 
competition  and  what  they  claim  will  be  one  gigantic  waste  of  tax¬ 
payer  dollars. 

About  1,200  miles  west  of  Philly  is  Chaska,  Minn.,  a  town  of  18,000, 
where  residents  have  what  Philadelphia  wants:  high-speed  wireless 
Internet  access.  “We’re  a  bit  unique  in  that  we  have  been  acting  as  an 
ISP  for  five  or  six  years,”  says  Bradley  Mayer,  IS  manager  for  Chaska. 
Initially,  Mayer  offered  traditional  broadband  access  only  to  district 
schools  and  local  businesses.  Over  time,  he  thought  about  offering  the 
service  to  residents  and  also  started  playing  around  with  wireless. 
“We  knew  how  to  do  a  low-cost  broadband  connection  to  business,  so 
we  thought  we’d  leverage  what  we  knew,”  Mayer  says. 

The  impetus  for  the  Wi-Fi  offering,  which  was  rolled  out  in  July, 
was  to  provide  an  affordable  service  that  didn’t  yet  exist,  he  says.  For 
just  $15.95  per  month,  Chaska  citizens  can  wirelessly  access  the  Net 


and  surf  at  speeds  comparable  to  those  provided  with  cable  or  DSL 
connections.  Via  Chaska.net,  they  also  receive  five  e-mail  accounts 
and  10MB  of  Web  space.  The  Wi-Fi  service  charge  appears  on  the  bill 

Continued  on  Page  24 


Prying  Eyes 


security  Google  is  a  power¬ 
ful  search  engine.  You  can  find  local 
restaurants,  the  flight  patterns  of  rare 
birds,  even  look  into  your  neighbor’s 
bedroom.  In  the  latest  example  of 
Google  hacking,  hackers  have 
discovered  a  way  to  use  Google  to 
find  Web  interfaces  for  thousands 
of  unprotected  Web  cameras. 

Anyone  with  an  Internet  connection 
can  look  through,  and  then  manip¬ 
ulate,  the  lenses  of  Web  cameras 
deployed  across  the  world. 

News  of  the  Google  webcam 
hack  broke  publicly  in  January 
2005,  after  Internet  users  posted 


links  to  Google  searches  that  could 
find  the  Web  cameras  on  popular 
blogs  like  BoingBoing.net.  Readers 
soon  chipped  in  with  their  own 
Google  search  strings  that  returned 
links  to  thousands  of  Web  cameras. 

Many  of  the  cameras  are  deployed 
for  security  purposes  and  stare  down 
silently  on  parking  lots,  shopping 
malls  and  busy  streets.  Billboards 
and  store  signs  often  provide  one 
of  the  only  clues  about  what  part  of 
the  world  the  camera  is  in.  In  some 
cases  though,  the  links  take  visitors 
inside  offices,  convenience  stores, 
and  even  homes  and  bedrooms. 


“All  you  have  to  do  is  get  a 
sample  of  the  Web  interface,  pick 
up  a  keyword  on  the  page  that's 
unique  to  that  software  and  turn 
it  into  a  Google  query,”  says 
Johnny  Long,  researcher  with 
Computer  Sciences  Corp.,  and 
author  of  Google  Hacking  for 
Penetration  Testers. 

Long  calls  the  Google  hacking 
the  most  overlooked  back  door  into 
corporate  networks.  Companies 
need  to  develop  and  then  enforce 
strong  policies  to  dictate  how 
content  gets  published  to  the  Web. 

-Paul  Roberts 


2  3 


www.cio.com  |  MAY  15,  2005 


Wi-Fi  Backlash 

Continued  from  Page  23 


from  the  electric  utility,  which,  along  with  two  golf  courses,  is  run  by  the  town. 

Unlike  Philadelphia,  Chaska’s  Wi-Fi  system  was  able  to  fly  under  the  radar  of  the 
local  cable  provider.  “Time  Warner  was  saying,  It’s  not  going  to  work,  so  we’re  not 
going  to  worry  about  it,”  Mayer  says.  Philadelphia’s  plans,  it  seems,  were  too  grand 
for  Verizon  and  Comcast  to  ignore.  In  response  to  the  uproar,  Pennsylvania  Gov. 
Edward  G.  Rendell  signed  a  measure  stating  that  cities  must  first  give  the  local  phone 
company  the  right  to  build  a  high-speed  Internet  network.  Cities  will  have  to  drop 
their  plans  if  the  phone  company  moves  forward  within  14  months— -though 
Philadelphia  was  exempted  from  the  new  law. 

A  recent  report  by  the  New  Millennium  Research  Council  notes  that  more  than 
200  U.S.  cities  are  considering,  testing  or  building  municipal  broadband  networks, 

the  majority  being  Wi-Fi  mesh 
networks.  The  report,  which 
mentions  both  Chaska’s  and 
Philadelphia’s  efforts,  concludes 
that  these  Wi-Fi  projects  will  not 
sustain  themselves,  will  increase 
taxpayer  burden  and  will  hurt 
existing  DSL  and  cable  providers. 
“The  experience  with  municipal 
Wi-Fi  networks  to  date  has  been 
long  on  hyperbole  and  short  on 
quantifiable  data,”  the  report  states. 

Mayer  knows  the  technology 
will  change  and  create  difficulties. 
“More  likely  than  not,  we  will 
have  torn  down  what  we  have  in 
place  right  now  in  three  years,” 
he  says.  The  small  amount  of 
revenue  the  service  generates 
will  allow  the  town  to  upgrade 
the  systems.  “It  is  designed  to 
sustain  itself,”  he  says.  The  town 
took  out  a  loan  to  pay  for  the 
service,  which  Mayer  plans  to 
pay  off.  So  far,  28  percent  of 
Chaska  homes  have  signed  up 
for  the  capability,  and  the  Chaska 
police  department  planned  to  start  using  the  Wi-Fi  service  this  month. 

A  lot  of  the  system  design  was  done  in-house  by  Mayer’s  five-person  staff.  He 
turned  to  two  vendors:  Tropos  Networks  (which  provides  the  mesh  network  hard¬ 
ware)  and  Pronto  Networks  (which  provides  software  for  managing  customers, 
revenue  and  services).  Though  Mayer  says  he  doesn’t  want  to  become  too  reliant  on 
vendors,  he  is  thinking  of  outsourcing  the  customer  service  and  help  desk  duties. 
“There  are  companies  out  there  that  can  do  customer  support  better  than  we’re  able 
to  provide  right  now,”  he  says. 

With  the  tidal  wave  of  furor  created  by  Philadelphia,  Mayer  knows  his  timing 
couldn’t  have  been  any  better.  “Today,  if  we  were  going  to  start  this,  we  would  defi¬ 
nitely  garner  more  interest,”  Mayer  says. 

- Thomas  Wailgum 


2  4 


A  TALE  OF  TWO  WI-FI  ZONES 

Chaska’s  Wi-Fi  service  is  up  and  running, 
and  Phiiiy’s  is  still  over  a  year  out.  Here’s 
how  the  two  communities  stack  up. 


Chaska,  Minn. 

Philadelphia 

Citizens 

18,000 

1.5  million 

Square  miles 

15 

135 

Wi-Fi 

antennas 

267 

4,000* 

Wi-Fi  charge 
per  month 

$15.95 

$15-$25* 

Startup 

costs 

$850,000 

$10  million* 

Subscribers 

2,077  out 
of  approx. 
7,500  homes 

TBD 

.  Motive 

for  Wi-Fi 
rollout 

Offer  low-cost 
access;  make 
a  little  money 

Offer  low-cost 
access;  keep 
businesses  in  town 

^Estimates 

¥ 

TOP  TECHNOLOGY 


o 


Network  security 
improvements:  35% 

Operating-system 

upgrade/installation: 

16o/o 


Database  upgrade/ 
installation:  15% 

Customer  relationship 
management:  15% 


Data  storage 

and  backup:  13°/o 

Hardware 
purchases:  ll°/o 


O 

o 

e 


Wireless  communica¬ 
tions:  10% 


ERP  upgrade/ 
installation:  8% 


Development  of 
e-business  applica¬ 
tions:  6% 


Cf*  Other/don't  know: 

/  8% 


*  Survey  of  more  than 
1,400  CIOs.  Respondents 
were  allowed  to  provide 
multiple  answers. 

SOURCE:  Robert  Half  Technology 


MAY  15,  2005  |  www.cio.com 


Oracle  Application  Server 


Leading  Companies  Rely  on  Oracle 

For  Business  Integration 


Alamo 


AIRLINES' 


1 


NetworkAppliance8 

The  evolution  of  storage.™ 


UNOCAL® 


Oracle  lOg— 

Integrate  All  Your  Business  Information. 


oracle.com/integration 
or  call  1.800.633.0641 


Copyright  ©  2005,  Oracle.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates 
Other  names  may  be  trademarks  of  their  respective  owners. 


BY  JON  SURMACZ 


Stressed,  but  Happy 

Job  satisfaction  of  IT  workers  is  rising,  but  CIOs 
worry  about  burnout 


Even  though  IT  jobs  are  stressful, 
IT  workers  are  happier  now  than 
they  were  a  year  ago.  According  to 
the  March  2005  Hudson  Employ¬ 
ment  Index,  compiled  by  inde¬ 
pendent  research  firm  Ras¬ 
mussen  Reports,  77  percent  of 
IT  workers  say  they  are  happy 
with  their  jobs.  In  May  2004, 
only  66  percent  of  IT  workers 
said  they  were  happy  at  work. 

Kevin  Knaul,  executive  vice 
president  of  IT  and  telecommu¬ 


nications  practice  for  Hudson 
North  America,  says  increasing 
optimism  about  hiring  and  the 
related  prospect  of  a  return  to 
normal  workloads  has  con¬ 
tributed  to  the  increased  job 
satisfaction  scores.  More  than 
one-third  of  IT  workers  surveyed 
said  that  their  companies  were 
hiring.  “There's  a  return  to 
normalcy,”  says  Knaul.  "IT 
workers  aren’t  just  happy  to 
have  a  job  anymore.” 


In  fact, 
the  data 
shows  that 
IT  workers 
may  be  the 
happiest  of  al  I  workers.  Compared 
with  employees  in  other  industries 
surveyed  by  Hudson  (a  division  of 
the  staffing  and  executive  search 
company  Hudson  Highland  Group), 
IT  workers  generated  the  highest 
positive  response  rate  to  the  job 
satisfaction  question.  Health-care 
workers  were  a  close  second  at 
76  percent. 

Knaul  cautions,  however,  that 
CIOs  should  continue  to  monitor 
staff  morale  because,  now  that 
the  job  market  is  picking  up, 


some  workers  could  be  tempted 
to  leave.  “Turnover  kills  the 
productivity  of  an  IT  depart¬ 
ment,”  Knaul  notes.  (For  more 
on  the  costs  of  turnover,  read 
"Turnover  Is  Expensive,"  at 
www.  cio. com/051505.) 

A  recent  survey  by  CIO  shows 
that  IT  executives  are  indeed 
concerned  about  morale.  Among 
the  top  staffing  challenges  for  this 
group  surveyed  by  CIO  in  January: 
preventing  burnout  (83  percent) 
and  low  morale  (60  percent).  The 
survey  also  cited  stress  as  a  major 
contributor  to  low  morale.  A 
whopping  76  percent  of  IT  execu¬ 
tives  said  that  stress  among  IT 
staff  was  high  or  very  high. 


1.  Monitor  morale. 

Use  360-degree  management  surveys  and 
employee  satisfaction  surveys  to  formally 
gauge  morale.  Informally,  managers  who 
spend  time  working  next  to  employees  will 
have  a  better  read  on  morale  than  those 
who  don’t. 


2.  Provide  training. 

IT  workers  want  to  keep  their  skills  in  step 
with  current  technology  trends.  If  it’s  not 
possible  to  give  time  off  for  training,  try 
lunchtime  or  after-hours  training  sessions 
to  satisfy  their  needs. 


3.  Compete  on  salary. 

Even  though  IT  workers  aren’t  likely  to  be 
wooed  away  by  a  few  extra  dollars  if  they’re 
well-trained  and  happy,  Knaul  says  that 
companies  must  be  in  the  ballpark  in  order 
to  keep  their  best  and  brightest. 


In  Spite  of  High  Stress  Levels... 


...IT  Workers  Are  the  Happiest... 


HOW  WOULD  YOU  DESCRIBE  THE  STRESS  LEVEL 
IN  YOUR  COMPANY’S  I.T.  DEPARTMENT? 


WORKERS  WHO  SAID  THEY  ARE  HAPPY  WITH  THEIR  JOBS 


64%  ({  Manufacturing 


High:  57%  » 


Very  high:  19% 


«  Low:  3% 


71%  ((  Accounting  and  finance 


76%  ((  Health  care 


77%  «  IT  i 


Normal:  21% 


CIO  RESEARCH 


2  6  MAY  15,  2005  |  www.cio.com 


SOURCE:  Hudson  Employment  Index,  March  2005 


...And  Getting  Happier 

I.T.  WORKERS  WHO  SAID  THEY  ARE  HAPPY  WITH  THEIR  JOBS 

JJ  May  2004  »  66% 

V  March  2005  »  77% 

SOURCE:  Hudson  Employment  Index 


TRENDLINES  _ : _ _ _ _ _ S3  3  V  Id  LAI  13  U  A3  OiOHd 


See  your  global  infrastructure  in  a  new  way. 


Only  Riverbed  mokes  your  remote  offices  feel  local. 

Most  applications  and  protocols  were  designed  to  run  locally.  Over  a  WAN,  they  grind  to  a  halt. 
That's  why  Riverbed  developed  a  solution  built  on  radically  new,  patent-pending  technology  that 
actually  delivers  LAN-like  performance  across  your  WAN.  Even  for  chatty  applications  that  can 
break  down  across  the  most  robust  networks. 

Riverbed's  proven  solution  allows  your  enterprise  to  consolidate  IT  infrastructure  at  the  data 
center,  optimize  your  bandwidth  usage,  and  still  deliver  applications  and  data  over  your  WAN  - 
at  speeds  that  make  remote  data  feel  local. 

We're  so  confident  that  Riverbed  can  improve  your  WAN  application 
performance,  we'll  even  let  you  try  it  for  30  days,  risk-free.  Call 
us  at  1 -87-RIVERBED  to  get  started  right  away,  or  visit 

www.riverbed.com/CIO  today. 


-RIVERBED 


•  • 

D2005  Riveibed  Technology.  Iik.  All  nglits  teseived  Rivalled  Technology,  Rivecbed,  Steelheod  ond  the  Rivetbed  logo  me  liodemorks  m  legntoed  tiodemoiks  ol  Riveibed  Technology,  Inc. 


IDENTITY 

INSURANCE 

A  NEW  HR 

BENEFIT 

identity  theft  Onsite  massages 
were  a  nice  benefit  during  the  dotcom  days, 
but  what  perks  can  today's  cash-strapped 
companies  provide?  In  a  sign  of  the  times, 
insurance  companies,  including  AIG  Ameri¬ 
can  General  and  St.  Paul  Travelers,  are 
selling  identity  theft  policies  to  employers 
to  offer  as  an  employee  benefit. 

The  9.3  million 

adult  Americans  who 
were  victims  of  ID 
theft  in  2004  spent 

anaverageof$750 

and  28  hours  to 

resolve  issues  related 
to  the  crime. 

-“2005  Identity  Fraud  Survey  Report” 
by  Javelin  Strategy  &  Research 

Under  the  St.  Paul  Travelers  policy,  insured 
employees  are  reimbursed  for  expenses, 
such  as  attorney’s  fees,  that  they  may  incur 
while  trying  to  fix  their  credit.  Also  covered 
are  costs  related  to  wrongful  incarceration 
that  results  from  ID  theft— for  instance,  if 
you  are  taken  to  jail  because  a  known  drug 
dealer  is  using  your  identity. 

Similarly,  AIG  American  General’s  insur¬ 
ance  reimburses  expenses  incurred  by  ID 
theft  victims  and  provides  support  services, 
including  access  to  credit  specialists. 

Joe  Lester,  identity  theft  product  man¬ 
ager  with  St.  Paul  Travelers,  says  the 
average  ID  theft  policy  costs  companies 
anywhere  from  a  few  cents  to  about 
$2  annually  per  employee. 

-Megan  Santosus 


2  8  MAY  15,  2005  |  www.cio.com 


11 


Bills  Target 
ID  Theft 

Proposals  include  rules  for 
protecting  personal  data 

Expect  Congress  to  pass  new  rules 
regulating  the  way  companies  han¬ 
dle  customer  data  after  recent  leaks  of 
personal  information  by  data  collectors 
ChoicePoint  and  LexisNexis,  among 
other  companies. 

ChoicePoint  announced  in  February 
that  it  had  given  personal  information, 
including  Social  Security  and  driver’s 
license  numbers  belonging  to  up  to 
145,000  U.S.  residents,  to  ID  thieves 
posing  as  legitimate  business  owners. 
In  March,  LexisNexis  division  Seisint 
lost  personal  data  belonging  to  310,000 
U.S.  residents,  apparently  when  hackers 
compromised  its  database.  Bank  of 
America,  Science  Applications  Inter¬ 
national  and  Boston  College  also  lost 
customer  data  to  thieves  recently. 

Both  Repub¬ 
licans  and 
Democrats 
complain  about 
ID  theft.  “Any¬ 
one  has  a  near¬ 
perfect  right  to 
package  your 
personal  infor¬ 
mation  and  do 
almost  anything 
they  want  with 
it,”  says  Rep.  Joe  Barton  (R-Texas), 
chairman  of  the  House  Energy  and 
Commerce  Committee. 

But  it’s  mainly  Democrats  who 
are  pushing  restrictions  on  how 
personal  data  can  be  used  and  man¬ 
dates  that  companies  tell  people 
when  that  data  is  compromised. 


Rep.  Joe  Barton 

(R-Texas) 


EDITED  BY  ELANA  VARON 

Among  the  proposals: 

NOTIFY  CONSUMERS:  A  bill  by  Sen. 
Dianne  Feinstein  (D-Calif.)  would 
require  businesses  to  tell  consumers 
when  their  data  is  stolen.  The  Notifica¬ 
tion  of  Risk  to  Personal  Data  Act  went 
nowhere  in  2004  and  so  far  has  no 
Senate  cosponsors— a  barometer  of 
support  for  the  measure. 

However,  ChoicePoint  and  other 
businesses  have  said  they  prefer  a 
national  notification  law  to  multiple 
state  laws.  Feinstein’s  bill  is  similar 
to  a  California  data  notification  law 
that  went  into  effect  in  July  2003  (see 
www.cio.com/05l50S).  Meanwhile, 
the  Federal  Deposit  Insurance  Corp. 
(FDIC),  along  with  other  agencies,  in 
March  directed  financial  institutions 
to  notify  customers  when  their  per¬ 
sonal  data  is  compromised. 

REGULATE  INFORMATION  SHARING:  A 
bill  by  Sens.  Charles  Schumer  (D-N.Y.) 
and  Bill  Nelson  (D-Fla.)  would,  among 
other  provisions,  subject  businesses 
that  sell  personal  data  to  regulation  by 
the  Federal  Trade  Commission  and 
provide  $60  million  to  the  agency  to 
help  ID  theft  victims. 

EXTEND  FINANCIAL  PRIVACY  LAWS: 

FTC  Chairwoman  Deborah  Platt 
Majoras  advocates  extending  the 
privacy  and  security  obligations 
of  financial  institutions  to  data  bro¬ 
kers.  Under  law,  financial  companies 
must  have  a  security  plan  to  protect 
personal  consumer  information. 

Otherwise,  Majoras  thinks  current 
law  allows  penalties  for  any  company 
that  deceptively  promises  data  security. 

-Grant  Gross 


Get  More  Washington  News 


Read  Senior  Writer  Ben  Worthen's  TECH 
POLICY  BLOG  at  www.cio.com/blogs. 

cio.com 


TRENDLINES 


IT  DOESN’T  JUST 
AFFECT  YOUR  PEOPLE. 
IT  IMPACTS  YOUR 
BOTTOM  LINE. 


SOFTWARE  DELIVERY  OPTIMIZATION  FROM  BORLAND: 

THE  CURE  FOR  APPLICATION  DEVELOPMENT  DYSFUNCTION. 

Application  Development  Dysfunction  causes  over  70%  of  software  projects  to  fail* 
Fortunately,  there  is  a  cure.  Software  Delivery  Optimization  (SDO)  from  Borland.  Software 
Delivery  Optimization  transforms  software  development  into  a  predictable,  reliable, 
managed  business  process.**  Now  that  will  impact  your  bottom  line.  In  a  very  healthy  way. 


Borland 


ASK  BORLAND  IF  SDO  IS  RIGHT  FOR  YOU.  borland.com/sdo 


'The  Standish  Group  2004  Third  Quarter  Research  Report.  "Keep  out  of  reach  ot  competitors.  May  create  increased  efficiencies,  reduced  costs  and  fatter  margins. 

©  2005  Borland  Software  Corporation.  All  rights  reserved.  All  Borland  brand  names  are  trademarks  or  registered  trademarks  of  Borland  Software  Corporation  in  the  United  States  and  other  countries 


Small  Book,  Big  Ideas 

If  you’re  playing  corporate  tug-of-war,  get  political 
know-howonyourteam 


Get  Them  on  Your  Side: 
Convert  Skeptics,  Get  Results 

By  Samuel  B.  Bacharach 
Adams  Media,  2005,  $19.95 


» 

n 

z 

a 

r 

z 

n 

(0 


book  review  Many  CIOs 
already  recognize  the  importance 
of  political  savvy  (see  “It’s  Politics, 
as  Usual”  at  www.cio.com/05150S). 
For  everyone  else,  a  single  line 
from  Samuel  Bacharach’s  Get  Them 
on  Tour  Side  says  it  all:  “A  good 
idea  is  not  enough— you  need 
political  competence.” 

Although  the  author  is  a  pro¬ 
fessor  of  organizational  behavior 
at  Cornell  University’s  School  of 
Industrial  and  Labor  Relations, 
this  how-to  guide  is  anything  but 


academic.  In  it,  he  lays  out  an 
11-step  process  for  achieving 
a  goal,  grouping  the  steps  into 
three  sections:  map  the  political 
terrain,  get  others  on  your  side 
and  make  things  happen.  The 
discussion  of  each  step  mingles 
anecdotes  from  business,  govern¬ 
ment  and  nonprofit  organizations 
(as  well  as  a  few  family-life  sce¬ 
narios),  with  rubrics  for  under¬ 
standing  human  interaction. 

For  instance,  Bacharach  says 
that  regardless  of  a  proposal’s 


specifics,  the  person  champi¬ 
oning  it  can  expect  to  be  met 
with  at  least  one  of  six  objec¬ 
tions,  a  list  that  includes  “It  will 
make  things  worse,  not  better,” 
and  “You  don’t  know  the  issues 
well  enough.”  Other  lists  are  the 
four  types  of  agendas  and  the 
four  sources  of  personal  credi¬ 
bility.  Although  they’re  all  fairly 
obvious,  together  they  form  a 
comprehensive  framework  for 
political  competence  that  holds 
up  in  many  different  contexts. 

Its  broad  applicability  is  one  of 
the  book’s  strengths.  Bacharach 
has  been  published  widely  in 
academic  journals  on  manage¬ 


ment  and  organizational  behav¬ 
ior,  and  he  has  written  several 
textbooks  on  organizations  and 
negotiation.  Get  Them  on  Tour 
Side  reflects  the  breadth  of  his 
knowledge.  Yet  he  has  also  con¬ 
ducted  numerous  workshops 
with  real  executives,  giving  the 
book’s  examples  a  genuine  feel. 

Bacharach  sometimes  soft- 
pedals  his  arguments,  but  at 
other  points  he  shows  a  Machi¬ 
avellian  streak,  thereby  exem¬ 
plifying  in  his  own  writing 
the  variety  of  techniques  for 
getting  people  on  your  side  and 
getting  things  done. 

_  - Edward  Prewitt 


i 


4! 


B-School  Grads  Are 
Learning  the  Code 


business  education  When Calder 
Cruikshank  worked  as  an  analyst  in  the  finance 
department  at  Johnson  &  Johnson  a  few  years 
ago,  he  discovered  firsthand  how  a  lack  of 
technical  acumencould  hinder  technology 
projects.  “The  finance  people  didn’t  know  enough 
about  a  system  in  development  to  ask  the 
right  questions,”  Cruikshank  says.  He  thought 
learning  about  technology  would  make  him  a 
better  businessman.  So  when  he  decided  to 
pursue  an  MBA,  the  27-year-old  looked  for  a 
program  that  would  round  out  the  typical 
business  school  curriculum  with  a  foundation 
in  technology.  In  2003,  he  enrolled  at  Boston 
University,  where  he  expects  to  earn  his  dual 
MS-MBA  degree  this  spring. 

Louis  Lataif,  dean  of  BU's  School  of  Man¬ 
agement,  says  almost  half  of  the  308  students 
pursuing  graduate  degrees  are  enrolled  in  the 
program.  Lataif  says  that  unlike  other  graduate 
business  programs  from  the  likes  of  MIT  and 
Carnegie  Mellon  University,  BU’s  approach,  in 
which  IT  courses  are  integrated  into  a  tradi¬ 


tional  MBA  curriculum, 
offers  graduates  an 
advantage  because 
technology  is  so 
ingrained  with  today’s 
businesses.  Other 
schools  that  offer 
MS-MBA  programs 
include  the  University 
of  Maryland  and  the 
University  of  San 
Diego. 

Cruikshank  says  the  dual  degree  will  help 
him  in  the  future  because  many  of  the  IT- 
focused  courses  shed  light  on  how  IT  processes 
and  professionals  work.  Among  the  courses 
that  Cruikshank  feels  were  the  most  helpful: 
a  class  in  object-oriented  programming. 

“We  had  to  do  an  actual  programming  project, 
which  [showed]  me  the  ins  and  outs  of  the 
development  process,”  he  says,  adding  that 
these  courses  were  taught  with  an  emphasis 
on  how  to  apply  technology  to  real-life  business 


MS-MBA  students  at  Boston  University  discuss  a  class  assignment. 


problems  and  opportunities. 

Now  Cruikshank  is  considering  a  career  in 
marketing,  possibly  in  the  high-tech  arena. 

He  says  his  dual  IT-business  education  will 
help  him  better  understand  the  inner  workings 
of  both  the  application  development  process 
and  the  IT  personnel  he’ll  encounter  in  the 
future.  "I  think  I’ll  have  a  better  ability  to 
communicate  what’s  needed  and  what’s 
expected  of  IT,”  he  says. 

-Megan  Santosus 


3  0 


MAY  15,  2005  |  www.cio.com 


PHOTO  BOTTOM  BY  CRAIG  MACCORMACK 


For  just  pennies  a  page,  the  versatile 
Xerox  WorkCentre*  Pro  2128  delivers  rich  1200  x  1200  dpi 
color  prints,  plus  advanced  multi-function  performance. 
Xerox  olor.  It  makes  business  sense. 


The  remarkable  Xerox  WorkCentre  Pro  2128 
gives  you  an  affordable  way  to  add  brilliant  color 
and  an  impressive  set  of  valuable  features  to  any 
office.  This  advanced  digital  system  can  print, 
copy,  scan,  e-mail  or  fax  simultaneously,  even 
when  other  jobs  are  running.  It  also  scans  hard 
copy  directly  to  e-mail,  improving  productivity. 


i  i  i  i  i 
Print  Copy  Scan  Fax  E-mail 


Xerox  WorkCentre  Pro  2128 


Walk-up  simplicity  means  easy  access  to  razor 
sharp  28  ppm  black-and-white  and  21  ppm  quality 
color  documents.  And  it  consolidates  all  these 
functions  without  compromising  reliability.  To 
learn  more,  see  our  full  line  of  multi-function 
systems,  digital  copiers  and  award-winning  color 
printers.  It  makes  perfect  sense  for  any  business. 

XEROX 


xerox.com/office/24  |  Technology  |  Document  Management  |  Consulting  Services  | 

1-800-ASK-XEROX  ext.  24 


C  2005  XEROX  CORPORATION  All  rights  reserved  XEROX?  WorkCentre*  and  Xerox  Color  It  makes  business  sense  are  trademarks  of  XEROX  CORPORATION  in  the  United  States  and/or  other  countnes. 


ANOTHER  EXPERT  WEIGHS  IN  ON  THE 
TCO  OF  WINDOWS  AND  LINUX. 


Microsoft 


"We  got  to  market  six  months  faster,  and 
saw  14  percent  in  cost  savings  over  Linux, 
using  Windows  Server  System™" 


—  Owen  Flynn,  Chief  Technology  Officer 

Equifax  Inc. 


Equifax,  a  leading  provider  of  consumer  and  commercial  credit  information,  chose 
Windows  Server  System  because  it  allowed  them  to  deliver  new  and  improved  services 
with  a  14  percent  savings  in  total  cost  of  ownership.  With  their  new  Windows®-based 
supercomputer  cluster,  Equifax  is  able  to  manage  its  database  of  over  six  billion  data 
components  with  dramatic  increases  in  performance  and  efficiency.  To  get  the  full  case 
study,  other  case  studies,  or  third-party  findings,  visit  microsoft.com/getthefacts 


Windows 
Server  System 


©  2004  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  Windows,  the  Windows  Logo,  and  Windows  Server  System  are  either  registered  trademarks  or  trademarks  of 
Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  trademarks  of  their  respective  owners. 


IT'S  ALL  ABOUT  THE  EXECUTION 


Michael  Schrage 


Lights,  Camera,  IT  Action! 

If  CIOs  are  serious  about  alignment,  they  might  want  to  encourage  their  staffs  to 
pick  up  video  cameras  and  record  users  in  action 


There’s  no  business  like  show  business,  not  even  IT. 

Then  again,  there’s  no  reason  why  show  business 
can’t  play  a  starring  role  for  CIOs  desperately 
searching  for  enterprise  hits.  But  don’t  think 
“big-budget  blockbuster”— think  “clever  independent  film  made 
on  a  shoestring.” 

Like  enterprise  IT,  the  movies  are  a  global  business  that 
blends  budgets,  talent  and  technology  to  make  money  world¬ 
wide.  Unlike  IT,  the  movies  blend  those  budgets,  talents  and 
technologies  in  an  effort  to  tell  a  compelling  story. 

While  compelling  is  not  exactly  a  word  that  is  synonymous 
with  IT,  there’s  no  reason  why  CIOs  can’t  “go  Hollywood”  and 
attempt  to  tell  IT’s  stories  in  and  outside  their  enterprise.  More 
important,  CIOs  should  get  their  people  to  tell  and  sell  their 
stories.  Everybody  who’s  anybody  in  enterprise  IT  should  be 
making  mini-multimedia  movies  for  internal— and  even  exter¬ 
nal-consumption.  Today’s  CIOs  need  to  become  tomorrow’s 
executive  producers  of  their  own  little  silicon  studios. 

Why?  Because  nothing  quite  sharpens  organizational  focus 
more  than  having  to  tell  a  compelling  story  in  words  and  pic¬ 
tures.  That’s  why  this  isn’t  just  a  column  about  IT  moviemak¬ 
ing;  it’s  really  a  column  about  professional  development.  What 
kind  of  IT  organization  are  we  trying  to  build?  What  kinds  of 
alignment  between  IT  and  the  enterprise  should  we  be  trying 
to  create?  These  are  the  “professional  development”  questions 
that  CIOs  should  be  answering. 

Too  many  CIOs  and  IT  organizations  consistently  under¬ 
invest  in  professional  development.  That’s  bad.  Even  worse, 
many  organizations  that  pat  their  own  backs  for  their  pro¬ 
fessional  development  ethos  have  shockingly  narrow  notions 


34 


MAY  15,  2005  |  www.cio.com 


ILLUSTRATION  BY  ISABELLE  CARDINAL 


IT  Security. 


Seen  clearly, 
delivered  objectively. 


At  Protiviti,  we  understand  that  to  protect  you  and  your  customers,  IT 
security  must  be  pervasive  across  your  technology  platform.  That’s 
why  we  provide  clear,  objective  expertise  on  the  key  technology  risks 
you  face.  From  granting  users  access  to  maintaining  customers’  privacy 
to  blocking  entry  of  hackers,  we  approach  the  challenges  of  security 
from  a  business  perspective.  We  understand  your  business  situation, 
the  industry  and  the  regulations,  and  then  implement  sustainable  IT 
security  that  allows  you  to  advance  your  technology  with  confidence. 

Say  i  to  IT  security  that’s  clear  and  objective  -  call  888.556.7420 

or  visit  Protiviti.com. 


-  Security  and  Privacy 
Solutions 

-  Continuity  Solutions 

■  Change  Management 

-  IT  Asset  Management 

-  Program  Management 

-  Application  Effectiveness 


-  Event  Response 

-  Governance 

-  Financial  Risk 

-  Operational  Risk 


I  Michael  Schrage  IT'S  ALL  about  the  execution 


of  what  that  should  mean. 

For  example,  I  know  one  Fortune  100  company  that  cheer¬ 
fully  reimburses  developers  for  certification  in  a  markup  lan¬ 
guage  but  declines  to  pay  a  penny  if  they  want  to  learn  a 
language  such  as  Hindi  or  Spanish.  Other  companies  put  their 
people  through  project  management  classes  and— God  for¬ 
bid!— managerial  leadership  classes  that  focus  on  the  skills 
and  competencies  for  doing  their  IT  jobs  better.  Alas,  these 
professional  development  efforts  rarely  seem  to  revolve  around 
helping  others  do  their  jobs  better.  There’s  a  “path  of  least  resist¬ 
ance”  quality  to  professional  development  investment  in  peo¬ 
ple  that’s  both  disheartening  and,  frankly,  uneconomic. 

The  Reel  Story 

Which  brings  us  right  back  to  the  movies-as-professional- 
development-tool  media.  Want  to  roll  out  a  new  point-of-sale 
(POS)  system  to  service  employees  who  barely  graduated  high 
school?  Send  out  three  or  four  teams  of  programmers  and  proj¬ 
ect  managers  with  digicams  to  record  interviews  and  interac¬ 
tions  with  the  users  of  the  existing  systems.  Have  them  edit  their 
field  research  into  two  or  three  seven-minute  “minidocumen¬ 
taries”  that  detail  the  daily  challenges  these  cashiers  face  in 
performing  their  jobs  well  under  pressure. 

Indeed,  one  restaurant  chain  did  just  that:  They  videotaped 
cashiers  who  were  using  new  POS  systems  and  discovered  that 
the  cashiers  weren’t  using  them  in  the  way  the  designers  had 
intended  them  to.  These  videotapes  helped  the  software  devel¬ 
opment  teams  hear  and  see  what  problems  both  cashiers  and 
their  customers  were  dealing  with  in  the  checkout  lines. 
Another  company,  IDEO,  a  design  firm,  frequently  videotapes 
users  in  the  course  of  designing  new  products  for  its  clients. 
After  all,  observing  the  reality  of  what  customers  and  employ¬ 
ees  do  is  the  essence  of  “requirements  analysis.” 

The  same  principle  can  be  applied  to  deploying  a  self- 
service  website  for  customers  or  suppliers.  Why  not  use  digi¬ 
tal  videotapes  that  detail  how  individuals— live  human  beings, 
not  aggregated  server  data  dumps— hesitate  and  delay  before 
they  point  and  click?  Listen  to  how  they  think  out  loud  as  they 
navigate  the  site.  Even  a  choppily  edited  movie  of,  say,  seven  or 
eight  individuals  trying  to  make  the  prototype  site  work  for 
them  would  utterly  transform  how  a  design  team  would  add 
features  and  functionality,  or  strip  them  out. 

These  are  the  easy  examples.  I  can  only  imagine  what  kind 
of  digital  epics  could  be  filmed  and  edited— even  without  spe¬ 
cial  effects— for  an  SAP  or  Ora¬ 
cle  or  Siebel  rollout.  Heck,  I 
think  there’d  even  be  a  decent 
audience  for  a  10-minute  Ban- 
galore-based  documentary  that 
gives  employees  insight  into 
how  their  help  desk  inquiries 
are  really  handled.  The  point: 


A  Piece  of  the  Action 


Michael  Schrage  imagines  the  possibilities 
of  a  filmed  SAP,  Oracle  or  Siebel  rollout. 

Can  you  picture  the  potential  of  recording  the 
great  works  of  your  IT  department?  Share 
your  opinion  in  the  online  version  of  the  arti¬ 
cle;  find  the  link  at  www.cio. com/051505. 

cio.com 


Nothing  quite  sharpens  orga¬ 
nizational  focus  more  than 

having  to  tell  a  compelling 
story  in  words  and  pictures. 

IT  needs  the  discipline  of  connecting  the  work  it  does  with  the 
work  it  enables. 

Every  IT  shop  could  benefit  both  themselves  and  their  clients 
by  undergoing  the  rigors  of  making  a  movie.  The  value  of  being 
onsite  and  gathering  multimedia  material  is  only  outweighed 
by  the  challenge  of  editing  that  material  into  a  narrative  with 
characters  and  a  theme.  Can  they  do  this  on  their  own?  Train¬ 
ing,  guidance  and  support— whether  from  talented  amateurs  or 
film  school  graduates— is  essential.  But  CIOs  should  encourage 
this  precisely  because  it  pushes  IT  employees  to  literally  take 
a  different  view  of  their  work. 

I  can  just  imagine  a  few  IT  old-timers  bellyaching  that  we 
don’t  ask  development  teams  to  document  their  own  code  any¬ 
more;  we  have  technical  writers.  So  why  try  to  turn  decent 
developers  into  less-than-mediocre  multimedia  filmmakers? 

My  answer  holds:  Because  literally  giving  people  the  tools, 
techniques  and  technologies  to  better  understand  their  cus¬ 
tomers  and  pushing  them  to  translate  that  understanding  into 
usable  narratives  that  inform  others  is  what  professional  devel¬ 
opment  should  be  all  about.  The  goal  isn’t  to  produce  award¬ 
winning  digi  tal  video;  it’s  to  produce  world-class  IT  deployments. 

Better  informed,  more  aware  people  produce  better  soft¬ 
ware.  Just  as  important,  IT  customers  and  clients  would  now 
have  a  visual  clue  as  to  how  they  are  seen  by  their  apps  and  sys¬ 
tems  providers.  These  minimovies  may  be  the  basis  for  their 
own  education  and  training.  The  most  successful  of  these  efforts 
will  turn  into  desktop  video  documentation  that  makes  life 
better  for  both  IT  developers  and  IT  users. 

The  worst  of  these  movies?  Well,  they’ll  be  painful  reminders 
that  telling  good  stories  is  hard.  They’ll  be  a  goad  to  developers 
who  can  now  see  with  their  own  eyes  that  they  haven’t  done  as 
good  a  job  as  they  might  in  communicating  requirements, 
expectations  or  accomplishments.  That’s  an  important  part  of 
professional  development  too. 

Whether  IT  discovers  its  own  David  Leans,  Steven  Spiel¬ 
bergs  or  Martin  Scorceses  is  completely  beside  the  point.  The 
issue  for  CIOs  is  taking  advantage  of  ever-cheaper  and  ever¬ 
more  pervasive  technology  to  help  IT  educate  itself.  CIOs  who 
really  care  about  developing  their  people 
should  look  them  straight  in  the  eye  and  say, 

“You  oughta  be  in  pictures.”  QE1 


Michael  Schrage  is  codirector  of  the  MIT  Media 
Lab’s  eMarketing  Initiative.  He  can  be  reached  at 
schrage@media.mit.edu. 


MAY  15,  2005  |  www.cio.com 


PHOTO  BY  JOHN  SOARES 


You  can  get  more  out  of  your  technology  investment  by  making  sure  employees  have  access 
whenever  they  need  it.  No  downtime.  No  waiting  for  answers.  Now  Sprint  makes  it  easy  for  you  to 
keep  them  connected.  As  the  first  major  provider  of  end-to-end  managed  wireless  service,  we  bring 
you  the  benefits  of  a  mobile  network  without  the  headaches  and  hassles  of  running  it.  We  integrate, 
administer  and  support  multiple  platforms  and  devices.  We  centrally  update  mobile  software.  We 
keep  you  secure  with  remote  device  disablement  and  password  enforcement.  Sprint  Managed 
Mobility  ServicesSM  help  save  your  company  time  and  money.  And  when  your  people  can  spend 
more  of  their  work  time  actually  working,  your  business  is  more  productive,  powerful,  beautiful. 
With  Sprint,  business  is  beautiful.SM 

>  Visit  Sprint.com/beautiful  for  case  studies  or  call  877-777-5568  >  Wireless.  Data.  Voice.  IR 


©2005  Sprint  All  rights  reserved  Sprint  and  the  diamond  logo  are  trademarks  of  Sprint  Communications  Company  L  P. 


Peer  to  Peer  FIELD-TESTED  IDEAS  FROM  CIOs  FOR  CIOs 


TheTao  of  Supply  Chains 

The  CIO  of  a  national  distributor  says  the  lessons  he  gleaned  from  a 
2, 500-year-old  Taoist  philosopher  helped  him  come  up  with  a  low-cost 
inventory  system  that  worked  by  mike  hugos 


Sun  Tzu  was  a  Taoist  philosopher  who  lived  in  China 
about  2,500  years  ago.  He  wrote  a  book  called  The 
Art  of  War.  It  isn’t  so  much  a  book  about  war  as  it  is 
a  book  about  the  art  of  competition  and  collabora¬ 
tion— whether  in  business,  politics,  the  military  or  even  sports. 
I  have  puzzled  through  this  book  several  times,  and  the  concepts 
that  I  have  taken  away  have  helped  me  develop  and  preserve  a 
reputation  for  IT  agility  within  my  company. 

My  company,  Network  Services,  is  a  nationwide  distribution 
cooperative  that  sells  food  service  items,  janitorial  supplies  and 
printing  paper.  We  are  wholly  owned  by  our  86  member  com¬ 
panies,  each  of  which  has  its  own  facility  and  internal  IT  system. 
They  have  local  customers,  and  we  work  together  to  serve 
national  account  customers.  Our  members’  collective  revenue  is 
over  $7  billion,  and  Network’s  total  national  account  revenue  is 
over  $500  million,  growing  by  double-digit  percentages  every 
year.  We  provide  customers  with  a  tailored  package  of  products 
and  supply  chain  services  to  lower  their  overall  operating  costs. 

One  of  our  biggest  national  account  customers  is  a  chain  of 
stores  that  each  holiday  season  uses  specially  printed  paper 
items  to  promote  its  holiday  theme.  These  items  are  used  in 
the  customer’s  4,500  stores  during  November  and  December, 
and  when  January  arrives,  any  remaining  inventory  has  to  be 
written  off.  The  same  holiday  print  designs  are  never  used  two 
years  in  a  row.  In  years  past,  there  was  excess  inventory  of 
around  4  percent,  amounting  to  almost  $600,000  in  costs  that 
had  to  be  written  off  by  the  customer. 

This  retail  chain  hired  a  new  purchasing  manager  who 
decided  we  could  all  do  better  than  that  this  holiday  season.  He 
called  us  out  to  the  company’s  headquarters  last  summer  for  a 


3  8 


MAY  15,  2005  |  www.cio.com 


ILLUSTRATION  BY  SCOTT  MENCHIN 


George  is  secure  in  his  information  workplace 
(and  he’s  not  afraid  to  show  it.) 


Worrying  about  viruses  and  unwanted  content  can  hold  you  back.  That’s  why 
thousands  of  companies  across  the  globe  -  from  Fortune  100  organizations  to 
small  businesses  -  rely  on  Sybari  to  secure  their  information  workplaces, 
including  e-mail,  instant  messaging,  and  document  sharing. 

Our  unique  solutions  use  multiple  virus  scanning  engines  and  industry-leading 
antispam  and  content-filtering  technologies  to  stop  threats  before  they  stop 
your  business.  Make  the  move  to  Sybari...  and  experience  the  freedom  of 
security  and  productivity. 


W-  Sybari 

SECURING  THE  INFORMATION  WORKPLACE 


To  learn  more, 

visit  www.sybari.com/cio05 


FIELD-TESTED  IDEAS  FROM  CIOs  FOR  CIOs 


Peer  to  Peer 


meeting.  There,  he  announced  his  intention  to  reduce  excess 
inventory  of  the  specially  printed  holiday  items  by  50  percent 
or  more.  We  still  had  to  maintain  100  percent  product  avail¬ 
ability  for  all  its  stores  and  minimize  expensive  movements  of 
inventory  from  one  region  to  another  to  meet  unexpected 
demand.  He  asked  us  how  we  were  going  to  work  with  him  to 
make  that  happen.  I  told  him  we  understood  what  he  wanted 
and  that  we’d  be  back  in  touch  with  the  specifics  in  a  few  weeks. 

As  we  flew  home,  our  sales  director  on  the  account  told  me 
this  was  a  high- visibility  project  with  the  customer,  and  we  had 
to  figure  out  how  to  do  it.  He  reminded  me  that  it  was  already 
halfway  through  the  summer,  so  we  had  to  be  ready  to  go  in  90 
days  because  we  would  begin  stocking  inventory  in  our  distri¬ 
bution  centers  by  October.  And,  of  course,  we  couldn’t  spend  lots 
of  money  on  this  because  margins  are  tight.  In  addition,  all  the 
parties  in  this  supply  chain  used  different  ERP  systems.  And 
even  within  Network,  the  26  member  companies  that  served 
the  account  used  different  ERP  systems.  Several  times  on  that 
flight,  I  experienced  a  sudden  falling  sensation  in  my  stomach, 
and  it  wasn’t  due  to  air  turbulence. 

Look  for  the  Underlying  Patterns 

At  times  like  these  my  identity  as  IT  Agility  Man  hangs  in  the 
balance.  Can  I  rise  to  the  challenge,  or  will  I  flee  in  panic? 
Agility  means  doing  three  things:  First,  take  a  deep  breath; 
second,  take  another  deep  breath;  then,  remember  The  Art  of  War 
and  ask,  “What  would  Master  Sun  Tzu  do?” 

The  concepts  that  I’ve  been  able  to  absorb  from  Master  Sun 
tell  me  that  apparent  complexity  is  really  composed  of  simple 
underlying  patterns.  If  I  can  discern  those  underlying  patterns, 
then  I  can  devise  simple  and  effective  responses.  So  what’s  the 
pattern  here?  As  I  saw  it,  the  need  was  to  track  daily  product 
usage,  constantly  update  demand  forecasts,  move  inventory  so 
as' to  cover  demand  and  use  it  all  up  by  the  end  of  the  season. 

That  meant  effective  collaboration  among  all  parties  in  the 
supply  chain  to  respond  as  actual  demand  unfolded.  If  our  ini¬ 
tial  assumptions  about  demand  were  not  entirely  accurate  (and 
they  never  are),  we  needed  to  be  able  to  reposition  inventory 
among  distribution  centers  earlier  and  more  efficiently.  No  sud¬ 
den  air-freighting  of  paper  goods  to  stores  across  the  country. 

So,  I  asked  myself,  “What  can  IT  provide  that  will  enable  this 
collaboration?”  Obviously,  what  was  needed  was  a  continu¬ 
ally  updated,  end-to-end  view  of  product  in  the  supply  chain 
that’s  visible  at  all  times  to  people  at  my  company,  the  manu¬ 
facturers  and  the  customer.  That  would  be  the  basis  for  our  col¬ 
laboration  and  decision  making. 

I  know  of  several  fine  software  ven¬ 
dors’  products  that  can  do  that,  but  they 
cost  more  money  than  I  had  to  spend 
and  took  more  time  to  install  than  I 
had  available.  So  much  for  the  orthodox 
ideas.  What  else  could  I  do?  Master 


The  Tao  of  Agility 


Read  an  excerpt  from  Mike  Hugo's 
book,  Building  the  Real-Time  Enter¬ 
prise:  An  Executive  Briefing.  To  find 
the  link,  go  to  www.cio. com/041505 

cio.com 


Sun  says,  “Therefore,  those  skilled  at  the  unorthodox  are  infinite 
as  heaven  and  earth,  inexhaustible  as  the  great  rivers.”  Wow. 
What  unorthodox  ideas  could  I  come  up  with? 

Master  Sun  says,  “There  are  only  five  notes  in  the  musical  scale, 
but  their  variations  are  so  many  that  they  cannot  all  be  heard. 
There  are  only  five  basic  colors,  but  their  variations  are  so  many  that 

What  we  needed  was  a 
continually  updated, 

end-to-end  view  of  product 
in  the  supply  chain. 

they  cannot  all  be  seen.”  Does  this  mean  that  there  is  a  combina¬ 
tion  of  basic  IT  components  that  I  could  use  to  quickly  create  my 
end-to-end  supply  chain  picture  and  keep  it  constantly  updated? 

What  basic  IT  components  do  all  parties  in  this  supply  chain 
have  easy  access  to,  and  how  can  I  combine  them  into  the  sys¬ 
tem  I  need?  I’m  not  going  to  give  you  the  whole  answer  because 
then  you  wouldn’t  get  to  practice  your  own  agility  and  figure 
it  out  for  yourself.  But  I  will  give  you  some  hints.  The  compo¬ 
nents  are  spreadsheets,  text  files,  e-mail,  a  few  webpages,  a 
relational  database  and  some  Java  programs  that  took  about 
three  weeks  to  write  and  test. 

We  assembled  these  components  into  a  system  that  collected 
data  from  all  members  of  the  supply  chain.  The  data  consisted 
of  inventory  amounts  that  were  in  production,  in  warehouses 
and  on  order.  It  also  included  invoice  data  that  showed  our 
deliveries  to  the  customer’s  stores,  which  allowed  us  to  track 
actual  demand  at  the  store  levels  and  regional  levels. 

The  system  was  up  and  running  by  October.  It  was  extremely 
cost-effective  to  build.  We  used  it  to  facilitate  conference  calls 
that  increased  in  frequency  as  the  season  progressed.  On  those 
calls,  we  all  reviewed  the  numbers  and  projected  run-out  dates. 
We  made  decisions  and  continued  to  tweak  the  system  to  incor¬ 
porate  new  views  of  the  data  and  new  calculations. 

We  reduced  excess  inventory  from  4  percent  last  year  to  1.3  per¬ 
cent  this  year  on  increased  total  sales,  and  the  dollar  value  of  the 
excess  inventory  dropped  to  less  than  $200,000.  As  we  reviewed 
the  holiday  season  results  this  January,  the  new  purchasing 
manager  said  he  was  quite  pleased  with  our  performance.  We  are 
working  with  him  and  the  manufacturers  to  document  what  we 
learned,  make  further  improvements  and  extend  the  system  to 
cover  the  rollout  of  other  new  products— -not  just  holiday  items. 
Thank  you,  Master  Sun.  H0 


Mike  Hugos  is  CIO  of  Network  Services  headquar¬ 
tered  in  Mount  Prospect,  III.  If  you  want  to  know 
more  about  how  he  built  this  system,  e-mail  him  at 
mhugos@nsconline.com.  E-mail  comments  to  Execu¬ 
tive  Editor  Alison  Bass  at  abass@cio.com. 


4  0 


MAY  15,  2  005  |  www.cio.com 


YOUR  ERP  SYSTEM  CAN  BE  A  BLACK  HOLE  OF  INFORMATION. 

[Our  customers  see  it  differently  however  thanks  to  Hyperion  dashboards.] 


HYPERION  BUSINESS  INTELLIGENCE 


O  • 

ooo 

o  o 

Hyperion* 


By  freeing  the  information  trapped  in  different  ERP  systems  you  can  have  true  performance  visibility 
across  both  financial  and  operational  data.  Together.  That’s  exactly  what  you  get  with  the  Hyperion 
Business  Intelligence  Platform.  See  what  happens  when  you  transform  business  intelligence  into 
Business  Performance  Management  at  www.hyperion.com 


Jim  Cash  FROM  THE  BOARDROOM 

l  “ 

PART  OF  THE 

CIO  LEADERSHIP 
AGENDA  SERIES 


The  New  Accountabi I ity 

The  board  of  directors’  growing  involvement  and  interest  in  all  things  IT  can  be  good 
for  CIOs,  but  only  if  they  are  prepared  by  james  cash  with  keri  pearlson 


•• 

he  relationship  between  executive  management, 
boards  of  directors  and  board  members  is  changing. 
Some  might  argue  that  it  has  already  changed.  The 
CIO  and  IT  organizations  in  large,  complex  firms 
must  understand  both  the  nature  of  this  new  relationship  and 
the  implications  of  heightened  board  interest  in  the  timeliness, 
integrity  and  quality  of  information  used  by  the  organization, 
communicated  to  external  audiences  and  supplied  to  the  board. 

Over  the  past  two  decades.  I’ve  served  on  more  than  a  dozen 
public  company  boards  Tor  companies  such  as  General  Elec¬ 
tric,  Microsoft,  Chubb,  Sprint,  Radio  Shack,  Alcon  Labs,  Knight 
Ridder,  Scientific-Atlanta  and  State  Street— and  a  comparable 
number  of  private  and  nonprofit  boards.  One  of  the  key  reasons 
I’ve  been  given  these  opportunities  is  because  of  the  innovative 
and  high-value  work  done  by  so  many  of  you.  As  information 
technology  has  taken  on  a  more  central  role  in  business  strat¬ 
egy  and  operations,  boards  have  found  it  necessary  to  augment 
their  ranks  with  members  who  understand  IT. 

Sweeping  changes  in  the  regulatory  environment  (such  as  the 
Patriot  Act,  Sarbanes-Oxley  and  Basel  II),  combined  with 
increased  institutional  investor  and  state  attorney  general 
activism,  have  made  the  past  three  years  feel  dramatically  dif-  g 
ferent  from  the  prior  17.  Since  many  of  these  changes  have  to  do  ^ 

with  information  and  information  technology,  the  need  for  an  £ 
IT  perspective  on  boards  has  increased.  While  I  like  to  think  it’s  5 
my  winning  charm  and  erudition  that  earns  me  a  seat  at  these  > 

CD 

tables,  it  likely  has  more  to  do  with  my  27  years  on  the  faculty  § 
at  Harvard  Business  School  researching  the  role  of  CIOs  and  IT  < 
in  large  multinational  firms. 

In  this  new  col  umn,  I  will  share  my  perspective  on  the  impli-  d 


42 


MAY  15,  2005  |  www.cio.com 


►  Microsoft  Windows  XP  Service  Pack  2:  Download  it  for 
free  and  get  stronger  system  control  and  proactive  protection 
against  security  threats. 

►  Free  Tools  &  Updates:  Download  free  software  like  Microsoft 
Baseline  Security  Analyzer  to  verify  that  your  systems  are 
configured  to  maximize  security.  Manage  software  updates 
easily  with  Windows  Server  Update  Services. 


►  Microsoft  Risk  Assessment  Tool:  Complete  this  free,  Web- 
based  self-assessment  to  help  you  evaluate  your  organization's 
security  practices  and  identify  areas  for  improvement. 

►  Internet  Security  and  Acceleration  Server  2004:  Download 
the  free  120-day  trial  version  to  evaluate  how  the  advanced 
application-layer  firewall,  VPN,  and  Web  cache  solution  can 
improve  network  security  and  performance. 


Find  the  tools  and  guidance  you  need  for  a  well-guarded  network 
at  microsoft.com/security/IT 


C  2005  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  Windows,  and  Windows  Server  are  either 
registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 


Microsoft 


■Jim  Cash  from  the  boardroom 


Changes  Across  the  Board 

Directors  today  are  more  active  and  independent,  and  more  is  expected  from  them 


The  Way  It  Was _ How  Things  Have  Changed 


Traditionally,  the  Chairman  and  CEO  roles  were  combined  into  Many  corporations  have  a  nonexecutive  Chairman  or  a  Lead 
one  job,  with  compensation  primarily  based  on  the  marketplace  Director.  CEO  compensation  is  more  actively  tied  to  organiza- 

analysis  and  market  price  of  the  company’s  stock.  tional  capabilities  and  the  performance  of  the  business  and  less 

to  valuation  in  the  capital  markets. 


CEO  and  board  evaluations  are  done  as  part  of  a  regular, 
systemic  process  and  include  self-evaiuafion  and  360  reviews, 
often  with  third-party  facilitation.  Assessments  for  most  audit, 
compensation  and  governance  committees  are  mandated. 


Director  independence  was  not  explicitly  assessed;  the  screen¬ 
ing  process  focused  on  a  person’s  ability  to  think  and  act 
independently.  Not  as  much  attention  was  paid  to  business 
and  family  relationships  that  could  cause  conflicts  of  interest. 

Guidelines  to  assess  independence  have  caused  many 
corporations  to  dramatically  reduce  the  number  of  “inside 
directors”— members  of  the  executive  management  team 
who  are  also  members  of  the  board— especially  on  audit, 
compensation  and  governance  committees. 

Board  members  were  elected  for  staggered,  multiyear  terms. 
There  was  usually  an  assumption  that  an  individual  would 
remain  on  the  board  for  the  duration  of  his  working  life. 

Board  members  are  elected  annually.  Most  boards  have  a  manda¬ 
tory  retirement  age,  and  some  have  term  limits.  Board  members 
are  expected  to  submit  a  letter  of  resignation  after  a  significant 
change  in  their  job  or  professional  status,  which  will  be  evaluated 
based  on  how  well  they  can  contribute  in  their  new  position. 

Boards  met  three  to  four  times  a  year,  with  as-needed  telephone 
meetings. 

Boards  have  increased  the  number  of  scheduled  telephone 
and  face-to-face  meetings. 

Board  reviews  of  SEC  filings  and  other  routine  documents 
were  fairly  passive;  primary  responsibility  fell  to  management. 

Board  members’  accountability  for  SEC  filings  has  increased. 

A  very  detail-oriented  meeting  usually  occurs  before  signing  off. 

Executive  management  was  present  at  all  meetings  of 
board  members. 

Board  meetings  for  nonmanagement,  outside  directors 
only  have  become  increasingly  common  and  are  mandated 
at  some  companies. 

Outside  board  members  commonly  have  direct  access  to 
nonexecutive  management.  Board  visits  to  business  units  or 
functions  without  the  participation  of  executive  management 
are  increasing. 

A  cash  retainer  and  per-meeting  fee  for  board  members  is  likely 
to  be  combined  with  restricted  stock  grants  that  have  vesting 
or  performance  requirements.  Directors  are  required  to  hold 
a  prescribed  level  of  equity  in  the  corporation,  and  retirement 
programs  have  been  eliminated. 


supported  by  examples,  I  will  coauthor  this  column  with  Keri 
Pearlson,  formerly  one  of  my  doctoral  students  at  Harvard 
Business  School.  She  is  also  a  longtime  colleague  and  researcher 
in  this  field.  We  look  forward  to  not  just  conveying  our  obser¬ 
vations,  but  also  developing  an  interactive  dialogue  around 
this  topic  through  the  CIO  Leadership  Agenda  website, 
agenda.cio.com. 

To  understand  what’s  changed,  you  need  go  no  deeper  than 
the  recently  announced  settlements  and  agreements  by  board 


Outside  board  members  followed  strict  norms  for  communicat¬ 
ing  with  nonexecutive  company  management,  typically  going 
through  the  CEO  or  another  designated  executive. 


Traditionally,  board  compensation  was  a  portfolio  of  items, 
including  a  retainer,  a  per-meeting  fee,  stock  options  and 
a  retirement  package. 


cations  of  what  I’m  hearing  in  the  boardroom  for  CIOs  and  IT 
organizations.  Over  the  next  several  months,  I  will  convey 
answers  to  several  key  questions: 

■  What  does  your  board  of  directors  expect  from  you,  the  CIO? 

■  What  are  the  longer-term  concerns  of  the  board  that  have 
significant  IT  implications? 

■  What  should  you  be  doing  today  to  support  and  prepare 
for  the  board’s  agenda? 

To  ensure  that  my  writing  is  appropriately  researched  and 


CEO  and  board  evaluations  were  done  on  an  as-needed 
basis,  or  when  faced  with  a  transition  or  crisis. 


4  4 


MAY  15,  20  05  |  www.cio.com 


members  of  public  and  nonprofit  organizations  to  pay  fines 
using  their  personal  assets.  Beginning  early  in  this  decade, 
there  has  been  a  significant  number  of  initiatives  by  institu¬ 
tional  investors  (for  example,  Calpers),  regulators  (Securities 
and  Exchange  Commission)  and  rating  organizations  (Insti¬ 
tutional  Shareholder  Services,  Moody)  to  restore  trust  in  our 
capital  markets  and  business  organizations.  Every  director  I 


knowledge  and  attributes  to  participate  at  the  board  level,  I’ve 
seen  several  responses— including  replacing  the  CIO  with  an 
external  hire  or  non-IT  internal  hire  (if  the  current  CIO  isn’t  pre¬ 
pared  and  capable,  it’s  unlikely  a  direct  report  is  prepared), 
moving  the  function  to  another  C-level  executive,  or  hiring  a 
“rent-a-CIO”  firm  as  a  transition  to  new  leadership. 

Future  “From  the  Boardroom”  columns  will  address  in  detail 


In  companies  where  the  CIO  does  not  have  the  attributes  to 
participate  at  the  board  level,  I've  seen  several  responses, 
including  replacing  the  CIO. 


know  is  spending  more  time  serving  a  given  company,  and  the 
work  performed  by  Audit  and  Compensation  committee  mem¬ 
bers  has  more  than  doubled. 

Board  members  feel  more  direct  accountability  for  some 
operational  aspects  of  the  company.  In  the  past,  boards  gener¬ 
ally  did  not  control  or  allocate  specific  corporate  resources. 
Everything  was  done  through  executive  man¬ 
agement,  with  the  board  providing  oversight. 

Given  the  mandated  allocation  of  corporate 
resources— such  as  the  new  audit  committee 
requirements  to  sign  off  on  the  selection  of 
and  fees  for  public  accounting  firms— boards 
now  explicitly  participate  in  operational  deci¬ 
sions.  This  increased  responsibility  and 
accountability  has  precipitated  a  number  of 
changes  in  board  practices  and  processes. 

(See  “Changes  Across  the  Board,”  Page  44.) 

These  changes  lead  me  to  conclude  that 
CIOs  will  soon  be  spending  more  time  with 
individual  board  members  and  subcommit¬ 
tees,  as  well  as  in  board  meetings.  There  are 
several  reasons  for  this  shift.  First,  many 
board  members  are  able  to  judge  the  quality 
and  reliability  of  an  executive  such  as  the  CIO 
only  after  a  sufficient  number  of  observations 
and  encounters. 

Next,  board  members  want  enough  expo¬ 
sure  to  work  performed  by  the  IT  function  to  make  their  own 
informed  judgments  about  its  capability  and  preparedness. 
(An  unfortunate  by-product  of  the  trend  away  from  inside 
directors  is  that  board  members  tend  to  be  less  knowledgeable 
about  internal  operations.)  Finally,  for  key  functions  such  as  IT, 
board  members  want  to  assess  the  bench  strength  below  the  C- 
level  executive  to  ensure  continuity  of  management  if  turnover 
occurs. 

In  the  near  future,  more  companies  will  add  board  members 
who  can  bring  an  IT  perspective  to  their  discussions,  thereby 
increasing  the  visibility  and  accountability  of  the  function.  In 
companies  where  the  CIO  does  not  have  the  personal  skills, 


the  changing  relationship  between  boards  of  directors  and  the 
CIO  and  IT  organizations.  Boards  want  this  function  to  help  cre¬ 
ate  shareholder  value  in  several  major  categories  of  corporate 
endeavor:  generating  top-line  growth,  improving  operational  effi¬ 
ciency,  ensuring  effective  corporate  governance  and  controllership 
(that  is,  keep  me  out  of  jail  and  in  full  possession  of  my  meager  per¬ 
sonal  assets),  and  contributing  to  strategy 
formulation  to  ensure  the  long-term  viabil¬ 
ity  of  the  organization. 

Unfortunately,  you  get  no  credit  for  day- 
to-day  operational  excellence.  Keeping  the 
IT  function  running  smoothly  is  what 
justifies  your  job  at  the  company.  I  realize 
how  hard  it  is  to  successfully  meet  this 
baseline,  but  I  would  not  be  helpful  by 
overstating  its  relative  value. 

We  know  from  the  research  of  MIT’s 
Peter  Weill  that  companies  with  effective 
IT  governance  have  higher  returns  on 
assets  employed.  I  believe  this  may  be 
true  for  corporate  governance  as  well;  a 
well-run  IT  function  leads  to  a  better 
functioning  organization.  Given  these 
high  stakes,  there  will  be  significant  ben¬ 
efits  for  CIOs  who  understand  and  can 
effectively  contribute  to  their  organiza¬ 
tion.  What’s  more,  CIOs  who  demonstrate 
their  knowledge  and  insight  to  board  members  are  increas¬ 
ingly  being  asked  to  join  the  boards  of  other  companies.  The 
challenges  associated  with  this  new  environment  also  bring 
new  opportunities  for  CIOs  who  “get  it.”  EH 


James  Cash  recently  retired  from  Harvard  Business  School  where 
he  was  the  James  E.  Robison  Professor  of  Business  Administration,  senior 
associate  dean  and  chairman  of  HBS 
Publishing.  Keri  E.  Pearlson  is  a  research 
director  with  The  Concours  Group  and  a 
coauthor  of  Managing  and  Using  Infor¬ 
mation  Systems:  A  Strategic  Approach. 


Leadership 

Agenda 

This  story  targets  the 
Leadership  Agenda  topic 
MANAGE  CXO  EXPECTA¬ 
TIONS.  You’ll  find  more 
material  on  this  and  the 
four  other  must-do  topics 
for  2005  on  the  dedicated 
website  AGENDA.CIO.COM. 
Look  there  throughout 
the  year  for  articles,  tools 
and  webcasts  on  driving 
innovation,  proving  IT 
value,  running  IT  efficient¬ 
ly,  developing  leaders  and 
managing  expectations. 

.com 


4  5 


www.cio.com  |  MAY  15.  2005 


Sure,  you  can  save  money  by  working  with  an 
outsourcing  vendor  in  a  faraway  land.  But  don’t  trust 
the  outsourcer  to  install  the  right  security  protections. 
Instead,  follow  these  best  practices  to  make  sure  that 
your  relationship  is  cost-effective  and  safe. 


Reader  ROI 

::  How  to  think  about 
offshore  outsourc¬ 
ing  risk 

::  Five  best  practices 
for  mitigating  off¬ 
shore  risk 

::  What  to  include  in 
a  contract  to  pro¬ 
mote  security 


THIS  IS  WHAT  IT’S  LIKE  to  be  an  employee 
for  Tata  Consultancy  Services  (TCS),  an 
Indian  IT  services  vendor,  when  working  for 
a  big  American  insurance  company  (in  this 
case  CNA): 

When  you  come  to  work,  your  bag  is 
searched.  You  may  be  too.  You  hand  your 
cell  phone  to  the  security  guard,  to  be  picked 
up  when  you  go  home. 

When  you  arrive  at  your  desk,  there  are 
no  traces  of  the  papers  you  worked  on  yes¬ 
terday;  they  got  shredded  last  night.  Don’t 


bother  trying  to  copy  a  digital  picture  of  your 
kids  onto  your  screen;  you  can’t  copy  or 
move  files.  Nothing  remains  but  a  phone  that 
can’t  call  anyone  but  the  help  desk  and  a 
computer  with  CD-ROM  and  floppy  drives 
that  work  fine  but  are  locked  to  you,  as  are 
the  Internet  and  e-mail.  And  taking  home  a 
copy  of  CNA’s  confidential  business  process 
manual  to  bone  up  on  in  your  spare  time  will 
get  you  fired,  as  one  employee  recently  found 
out.  “The  data  and  our  processes  are  too  sen¬ 
sitive.  We  can’t  afford  to  be  lax,”  says  Scott 


46 


MAY  15,  2005  |  www.cio.com 


v-r 


Sysol,  director  of  infrastructure  and  security 
architecture  for  CNA. 

While  experts  disagree  about  the  degree  of 
extra  risk  involved  in  offshore  outsourcing, 
companies  such  as  CNA,  an  insurance  giant 
that  entrusts  TCS  with  its  sensitive  financial 
and  health-care  information,  are  not  taking 
chances  when  they  send  IT  and  business 
process  work  overseas.  They  are  setting  up 
rigid  control  processes  with  high  levels  of  IT 
security.  These  initiatives  cost  money  and 
cause  disruption  for  outsourcers  everywhere, 


but  they  are  also  the  best  ways  to  limit  risks 
associated  with  sending  such  work  offshore. 
(TCS  declined  to  discuss  its  clients.) 

And  while  practices  such  as  forcing  con¬ 
tractors  to  wall  off  work  areas,  slice  up  server 
farms  and  keep  employees  exclusive  to  one 
customer  do  not  serve  the  basic  economies  of 
outsourcing— scale,  sharing  and  repeatabil¬ 
ity— they  are  the  kinds  of  risk-mitigating 
actions  that  customers  and  their  contractors 
must  take  when  working  with  sensitive  busi¬ 
ness  data  and  processes. 


Risk  Is  in  the  Eye 
of  the  Beholder 

Not  all  companies  need  the  kinds  of  security 
measures  that  CNA  has  in  place.  It’s  up  to 
CIOs  and  CSOs  to  define  what’s  an  acceptable 
risk,  outline  security  measures  (in  the  contract 
wherever  possible)  and  monitor  their  enforce¬ 
ment  with  the  cooperation  of  the  provider. 

This  sounds  like  a  no-brainer.  But  it  turns 
out  that  offshore  security  is  often  a  classic- 
case  of  out  of  sight,  out  of  mind. 

“I’d  say  fewer  than  20  percent  of  my  clients 


www.cio.com  |  MAY  15,  2005 


47 


Outsourcing  Security 


audit  the  security  of  their  providers,”  says  Atul 
Vashistha,  CEO  of  NeoIT,  an  offshore  out¬ 
sourcing  consultancy.  “They  just  accept  the 
suppliers’  defined  security  plan  and  don’t 
check  to  see  if  they  are  living  up  to  it.” 

Steven  DeLaCastro,  an  offshore  outsourc¬ 
ing  consultant  with  Tatum  Partners,  puts 
the  total  even  lower,  at  10  percent.  “Sarbanes- 
Oxley  requires  the  right  to  audit  outsourcers, 
yet  companies  aren’t  putting  [audits]  into  the 
contract,”  he  says. 

U.S. -based  companies  routinely  underes¬ 
timate  the  extra  elements  of  risk  introduced 
into  the  offshoring  equation  by  issues  such 
as  poor  infrastructure,  political  instability 
and  legal  systems  that  don’t  line  up  with 
Western  practices,  says  Ken  Wheatley,  vice 
president,  corporate  security  of  Sony  Elec¬ 
tronics.  “People  are  so  focused  on  saving 
money  and  shifting  operations  that  they 
don’t  think  about  the  safeguards  that  need  to 
be  put  in  place,”  he  says.  “They  assume  that 


people  in  different  countries  have  the  same 
mind-set  and  safeguards  and  sense  of  due 
diligence,  and  that’s  just  not  the  case.” 

In  reality,  the  case  varies  by  the  legal  and 
workplace  environment  of  the  host  country. 
Take  India,  for  example.  The  country’s  IT 
industry,  acutely  aware  of  Western  security 
concerns,  has  been  working  since  1998  to  pass 
general  data  protection  and  privacy  laws  such 
as  those  in  the  United  States  and  Europe, 
without  success.  Though  laws  have  been 
passed  that  prohibit  tampering  with  computer 
source  code  and  hacking,  intellectual  property 
and  data  protection  lag  behind  the  West. 

Even  if  stricter  laws  eventually  pass— and 
most  experts  predict  they  will— translating 
them  across  borders  will  still  be  difficult. 
Besides,  relying  on  any  legal  system  to  pro¬ 
tect  your  corporate  assets  is  misguided.  In 
the  end,  only  your  relationship  with  the  out¬ 
sourcer  matters.  “Laws  only  provide  pun¬ 
ishment,”  says  Venugopal  Iyengar,  practice 


director  of  e-security  consulting,  for  Tata 
Consultancy  Services.  “Ultimately,  what  we 
need  is  the  assurance  of  safety  through 
processes  and  best  practices.  Assurance  is 
more  important  than  punishment.” 

Even  the  most  elaborate  security  meas¬ 
ures  will  not  erase  the  savings  of  going  off¬ 
shore.  But  companies  are  inviting  disaster  if 
they  don’t  assess  their  risks— and  their  risk 
tolerance— up  front  and  factor  the  degree  of 
security  they  want  into  the  cost  equation. 

In  this  story,  we  look  at  the  security  risks  of 
offshore  outsourcing  and  offer  best  practices 
for  assessing  them  and  mitigating  them. 

Categories  of  Risk 

CIOs  should  consider  these  four  major  cate¬ 
gories  of  risk  before  negotiating  security 
practices  with  an  offshore  vendor. 

■  THE  TYPE  OF  WORK  BEING  DONE  OFFSHORE. 

Of  the  two  main  categories  of  IT-related  off¬ 
shore  work— software  development  and 
business  process  outsourcing  (BPO)— BPO 
is  riskier  because  it  requires  more  human 
interaction  and  often  focuses  on  sensitive 
data.  In  software  work,  the  primary  risk  is 
intellectual  property  theft.  Few  developing 
countries— with  the  notable  exception  of  Sin¬ 
gapore— have  mature  intellectual  property 
protection  laws.  But  intellectual  property  can 
be  more  easily  protected  with  good  physical 
and  IT  security  measures  than  the  BPO  data. 

■  THE  IMPORTANCE  OF  THE  WORK  TO  REVENUE  OR 
INNOVATION.  For  data,  the  risk  is  measured 
mostly  in  terms  of  regulatory  weight— the 
Health  Insurance  Portability  and  Account¬ 
ability  Act  and  the  Sarbanes-Oxley  Act  being 
two  hefty  examples— and  the  financial  loss 
that  could  result  if  the  data  is  compromised 
or  stolen.  Is  this  new  software  product  that 
you  are  developing  offshore  a  bet-the-com- 
pany  innovation?  If  so,  you  will  want  to  take 
every  possible  security  precaution.  Are  you 
a  manufacturing  company  outsourcing 
maintenance  and  support  for  a  legacy  sys¬ 
tem  that  is  not  critical  to  operations  and  does 
not  process  sensitive  data?  If  so,  your  secu¬ 
rity  risk  is  much  lower. 

■  THE  STRUCTURE  OF  YOUR  OFFSHORE  MODEL. 
Offshoring  pioneers  GE  and  Citibank  built 
their  own  captive  subsidiaries  in  India  in  the 
1990s  because  they  did  not  consider  the  local 
third-party  providers  mature  enough  to  meet 
their  needs.  Experts  still  consider  it  safer  to 


48 


MAY  15,  2005  |  www.cio.com 


hire  your  own  employees  and  dictate  your 
own  procedures  than  to  trust  them  to  out¬ 
siders,  even  though  service  providers— espe¬ 
cially  in  India— have  matured  to  the  point  that 
they  are  on  par  with  Western  outsourcers  in 
terms  of  security  capabilities. 

Captive  locations— which  today  account  for 
30  percent  of  outsourcing  employment  and 
50  percent  of  outsourcing  revenue  in  India, 
according  to  consultancy  A.T.  Kearney— are 
expensive,  requiring  staff  from  headquarters 
to  train  employees,  monitor  management  and 
build  up  the  corporate  infrastructure.  They 
also  face  challenges  in  retaining  local  talent  as 
competition  for  that  talent  grows.  Some  com¬ 
panies  have  created  joint  ventures  with  off¬ 
shore  providers  to  use  the  providers’  access  to 
local  talent  and  later  sell  services  to  others. 

More  companies  sending  work  offshore 
today  are  going  to  third  parties  rather  than 
setting  up  either  captive  operations  or  form¬ 
ing  joint  ventures,  according  to  A.T.  Kearney. 
These  still  require  check-ins  by  customers. 
Some  third-party  vendors  use  subcontrac¬ 
tors  to  perform  work  for  clients,  sometimes 
without  the  clients’  knowledge.  Without 
direct  accountability  to  the  customer,  sub¬ 
contractors  can  be  a  big  security  risk. 

■  YOUR  RISK  TOLERANCE.  Companies  outside 
the  software,  financial  services  and  health¬ 
care  industries— such  as  manufacturing  and 
retail— generally  face  less  risk  in  sending  IT 
and  BPO  work  offshore.  But  some  set  up 
extensive  security  measures  because  the  cul¬ 
ture  of  the  company  demands  it. 

BNSF  Railway,  which  offshores  some  sys¬ 
tem  maintenance  work,  has  a  low  risk  toler¬ 
ance.  The  company  does  not  send  BPO  work 
offshore,  and  most  of  its  capital  is  tied  up  in 
locomotives,  not  mainframes.  Yet  BNSF 
doesn’t  feel  comfortable  with  generally 
accepted  security  standards  for  offshore 
security.  One  example:  network  lines  to  its 
offshore  providers.  Most  customers  of  out¬ 
sourcers  accept  shared  data  pipes  that  seg¬ 
regate  and  shield  each  customer’s  work  from 
the  others.  Security  experts  agree  that  shared 
lines  are  safe  if  managed  properly. 

But  not  BNSF.  “We  started  out  with  a 
shared  line,  and  it  really  limited  us,”  says  Beth 
Bonjour,  assistant  vice  president,  technology 
services  for  BNSF.  “We  weren’t  comfortable 
letting  the  outsourcer  have  access  to  our  pro¬ 
duction  systems  over  that  line.”  BNSF  skipped 


other  valuable  services  that  the  outsourcer 
offered  because  of  it.  Finally,  an  agreement 
was  reached  with  the  outsourcer  to  include  a 
BNSF-managed  dedicated  line  (these  lines  typ¬ 
ically  cost  50  percent  more  than  shared  lines, 
according  to  Forrester  Research).  BNSF  began 
outsourcing  a  portion  of  its  support  and  main¬ 
tenance  for  some  production  systems  at  a  sig¬ 
nificant  cost  savings,  Bonjour  says.  “We’re 
getting  more  value  out  of  the  relationship  now 
than  we  were  at  the  beginning,”  she  says. 

Once  you’ve  got  a  handle  on  your  out¬ 
sourcing  relationship,  follow  these  five  best 
practices. 

THE  FIVE  BEST  PRACTICES 

Keep  control 

In  their  relationships  with  offshore  out¬ 
sourcers,  companies  such  as  BNSF  and  CNA 


retain  control  over  security.  They  make  the 
rules;  they  spec  out  the  infrastructure.  They 
write  contracts  that  spell  out  how  their  ven¬ 
dors’  employees  will  use  computer  networks 
and  how  much  IT  infrastructure  will  be  set 
aside  specifically  for  their  outsourcing  work. 
They  perform  audits  on  security  measures 
and  background  checks  on  employees  after 
the  outsourcers  perform  their  own  checks. 

The  goal:  to  make  sure  outsourcers  prac¬ 
tice  the  security  that  they  preach. 

Getting  that  level  of  control  isn’t  always 
easy,  especially  if  the  contract  has  already 
been  signed.  “I  find  that  with  large  compa¬ 
nies  that  provide  services  to  us,  there’s  an 
assumption  on  their  part  that  they  have  good 
practices  and  policies  in  place,”  and  they 
often  do,  says  Sony’s  Wheatley.  Yet  when 
Wheatley  asks  for  more  details,  “they’ll  take 
issue.  The  inference  is,  ‘Hey,  we’re  doing 
business  with  (whatever  famous  company 
you  want  to  name).  How  dare  you  come  and 


HOW  SECURE  IS  IT? 

The  longer  the  bar,  the  safer  the  outsourcing  destination 

In  order  to  analyze  relative  levels  of  risk,  we  examined  each  country’s  economic 
and  political  stability,  the  quality  of  its  infrastructure,  the  ability  of  its  culture  to 
adapt  to  generally  accepted  ways  of  doing  business  and  the  sophistication  of  its 
intellectual  property  laws. 

SINGAPORE 

AUSTRALIA 

MAL£YSI^^^^^^^^^^  

ISRAEL 


HUNGARY 


m  Economic  and  political  stability 
|  Quality  of  infrastructure 
|  Adaptability  of  culture 
|  Security  of  intellectual  property 

SOURCE:  A.T.  KEARNEY 


THAILAND 


www.cio.com  |  MAY  15.  2005 


49 


People  are  so 
focused  on 
saving  money 
and  shifting 
operations 
that  they  don’t 
think  about 
the  safeguards 
that  need  to  be 
put  in  place. 

-Ken  Wheatley, 
vice  president  of 
corporate  security, 

Sony  Electronics 

ask  us  to  do  certain  things?’  But  when  we’ve 
gone  in  and  tested  their  policies,  100  percent 
of  the  time  we’ve  found  serious  issues.” 

Both  CNA  and  BNSF  have  staff  who  work  on 
securing  and  monitoring  the  outsourced  work. 
Both  manage  the  networks  that  the  outsourcers 
work  on  and  provision  the  servers  and  PCs 
used  by  the  providers  with  software  they 
assemble  and  update  themselves.  They  moni¬ 
tor  network  usage  themselves  and  audit  that 
usage  as  they  would  for  internal  employees. 

It  ain’t  cheap.  In  fact,  for  business  process 
outsourcing,  which  relies  heavily  upon  people 
and  can  involve  highly  sensitive  data,  risk 
management  measures  and  due  diligence  can 
eat  up  15  percent  to  19  percent  of  the  savings  of 
going  offshore,  according  to  the  Tower  Group, 
a  research  and  consulting  company.  For  soft¬ 
ware  development,  which  involves  less  need 
for  access  to  sensitive  data,  the  cost  of  due  dili¬ 
gence  and  risk  management  is  between  6  per¬ 
cent  and  10  percent  of  the  total  savings.  Yet 
even  when  you  add  in  the  cost  of  controls,  the 
overall  savings  are  still  there. 

2  Perform  due  diligence 
work  up  front 

Due  diligence  doesn’t  mean  reading  a 
provider’s  customer  list  and  watching  a 
PowerPoint  show.  Nor  does  it  mean  accepting 


the  vendor’s  claims  that  it  adheres  to  interna¬ 
tional  standards  such  as  COPC,  an  industry 
quality  standard  for  customer  service  contact 
centers,  and  Safe  Harbor,  which  covers  Euro¬ 
pean  Union  data  privacy  protection  rules. 

Given  the  dramatic  growth  and  turnover  in 
many  offshore  companies,  customer  references 
age  quickly.  Worse,  customers  may  not  admit 
to  security  problems  because  they  fear  bad 
publicity  if  word  of  the  problems  reaches  their 
customers.  Indeed,  very  few  companies  were 
willing  to  go  on  the  record  for  this  story  or  dis¬ 
cuss  their  offshore  security  practices. 

Companies  we  spoke  with  said  they  hire 
security  consultancies  that  have  employees  in 
the  various  offshore  destinations  to  check  out 
the  local  reputations  of  the  providers  and  do 
background  checks  on  their  employees.  These 
companies  also  hire  lawyers  in  the  outsourc¬ 
ing  country  to  check  up  on  the  companies  and 
examine  provisions  in  the  contract  to  see  if 
they  will  be  legally  enforceable. 

Security  due  diligence  takes  time,  cautions 
Sony’s  Wheatley.  “People  watch  too  many 
cop  shows.  They  think  we  can  find  answers 
to  security  issues  in  12  hours,”  he  says.  “It 
doesn’t  work  that  way.  Seventy  to  80  percent 
of  the  time  we  find  something  bad  enough 
not  to  do  the  business— or  get  out  of  it  if  we’re 
in  it.  Then  we  need  time  to  figure  out  a  solu¬ 
tion.  Sometimes  two  weeks  turns  into  four 
months  when  we  find  problems.  It  can  take 
time  to  check  these  things  out.” 

3  Lock  down  the 

infrastructure 

From  the  moment  CNA  began  sending  BPO 
and  software  development  work  offshore  in 
2002,  it  took  full  control  of  the  computing 
infrastructure  at  its  outsourcers.  CNA  config¬ 
ured  servers,  laptops  and  PCs  in  the  United 
States  with  all  the  software  that  CNA’s  out¬ 
sourced  employees  would  use.  CNA  sent  staff 
along  with  the  computers  to  set  them  up  in 
India  and  connect  them  with  CNA’s  dedicated 
network  connection.  Firewalls  at  the  provider 
location  and  back  in  the  United  States  help 
prevent  any  viruses  on  the  local  network  at 
the  provider,  or  from  the  network  back  home, 
from  getting  through  to  the  hardware.  When 
the  outsourcer’s  employees  log  in  to  the  CNA 
network,  software  and  security  updates  are 
automatically  loaded  onto  their  machines 


from  CNA  after  a  process  of  software  invento¬ 
rying  and  validation  has  taken  place. 

New  virtualization  software  from  Microsoft 
and  VMware  takes  this  control  to  a  new  level. 
CNA  uses  VMware’s  ACE  software  to  create 
an  image— in  effect,  a  working  duplicate— of  a 
secure  CNA  desktop  on  a  CD  that  it  sends  to 
the  outsourcers,  which  load  the  images  on 
their  own  servers,  PCs  and  laptops.  When 
employees  do  work  for  CNA,  they  double  click 
on  the  image’s  icon  on  their  machines,  the 
CNA  desktop  appears,  and  the  image  takes 
control  of  the  PC  and  its  peripherals.  Employ¬ 
ees  cannot  copy  anything  onto  the  encrypted 
CNA  desktop  nor  take  anything  from  it.  The 
images  can  be  set  to  lock  out  peripherals  such 
as  CD-ROMs  and  USB  flash  drives.  They  can 
also  be  set  with  an  expiration  date  so  that  they 
will  literally  disappear  from  the  computer  on 
a  specified  date— handy  if  the  employee  leaves 
or  the  development  project  ends. 

The  images  also  help  the  offshore  provider 
save  money  because  it  can  load  multiple  images 
onto  a  single  machine.  The  images  give  offshore 
employees  more  control.  They  can  do  CNA 
work  without  being  connected  to  the  CNA  net¬ 
work.  And  if  CNA  allows  them,  they  can  still 
use  the  PCs  for  their  own  internal  e-mail.  “It 
used  to  be  that  employees  would  have  to  log 
out  and  go  to  a  different  computer  to  enter  their 
time  sheets  or  do  e-mail,”  says  CNA’s  Sysol. 
“Now  they  can  do  it  on  their  own  machines.” 

4  Audit  processes  and 
facilities  regularly 

An  offshore  outsourcing  contract  is  like  a 
diplomatic  treaty.  Trust  is  important,  but  it’s 
vital  to  verify. 

BNSF  conducts  independent  audits  of  its 
offshore  contractors’  security  processes  once 
per  quarter,  according  to  Bonjour.  The  com¬ 
pany  also  does  an  independent  review  of 
access  rights  that  the  offshore  employees  have 
to  applications  on  BNSF’s  and  the  providers’ 
internal  networks  to  see  if  the  employees  have 
rights  to  go  where  they  shouldn’t,  or  if  they 
have  moved  on  to  a  new  project  and  still  have 
access  to  the  systems  they  used  to  work  on. 

There  are  standards  to  help  guide  the  audit 
process,  such  as  the  International  Organiza¬ 
tion  for  Standardization  (ISO)  17799  standard 
and  the  Statement  on  Auditing  Standards  No. 
70,  Service  Organizations  (SAS  70  Type  II). 


50 


MAY  15,  2005  |  www.cio.com 


Outsourcing  Security 


IF  YOU  WANT  IT,  PUT  IT  IN  THE  CONTRACT 

A  safe  outsourcing  pact  spells  out  security  requirements  and  sets 
up  regular  audits— and  costly  penalties 

With  legal  recourse  limited  in  many  countries,  the  contract  with  the  provider  becomes 
critically  important  for  outlining  security  responsibilities  and  penalties  for  breaches. 

Leave  plenty  of  time  for  negotiation,  says  Scott  Sysol,  director  of  infrastructure 
and  security  architecture  for  CNA.  “It  is  a  strenuous  process  with  multilevel  reviews 
inside  both  companies,”  he  says.  There  are  also  certain  levels  of  sanctions  that  can  be 
built  into  the  contract.  “You  need  to  get  something  in  the  contract  that  says  if  some¬ 
one  steals  something,  the  contractor  will  take  responsibility,"  says  Sysol.  "We’ve  built 
some  [financial]  sanctions  into  our  contracts.  But  you  can’t  go  overboard  because  the 
providers  will  walk  away  from  the  deal.”  Other  contract  recommendations: 

■  Demand  nondisclosure  and  noncompete  agreements.  With  offshore  providers 
growing  so  rapidly  and  turnover  high— as  high  as  30  percent  in  some  companies— 
it’s  important  to  understand  what  your  offshore  vendor  is  doing  with  your  intellectual 
property  and  to  do  what  you  can  to  keep  people  from  taking  information  about  you 
with  them,  says  Vinnie  Mirchandani,  principal  of  consultancy  Deal  Architect. 

■  Bring  legal  disputes  to  U.S.  courts.  Require  that  the  offshore  vendor  agree  to 
handle  legal  disputes  in  the  United  States. 

■  Require  insurance.  Top  offshore  vendors  have  insurance  to  protect  customers 
against  losses  caused  by  the  vendor  or  its  contractors,  says  Forrester  Research. 

■  Keep  discussions  private.  Insist  on  a  separate  meeting  room  near  the  work  area. 

■  Look  for  certifications.  Though  they  do  not  guarantee  good  performance,  the 

Certified  Information  Systems  Security  Professional,  or  CISSP,  certification  program 
and  Global  Information  Assurance  Certification  at  least  demonstrate  that  employees 
have  had  exposure  to  security  issues  and  best  practices.  -C.K. 


Yet  because  of  the  extra  effort  and  expense 
involved  in  external  audits,  offshore  providers 
may  resist  them,  says  Tatum  Partners’  DeLa- 
Castro.  “If  each  customer  has  the  right  to  audit, 
and  each  demands  specific  security  measures, 
it  becomes  a  thousand  variations  on  a  theme 
and  takes  away  from  the  providers’  ability  to 
standardize  practices  and  swap  people  in  and 
out  from  one  customer  to  the  next,”  says  DeLa- 
Castro.  It’s  easier  to  establish  audits  before  a 
contract  is  signed  than  after  the  fact,  because  it 
could  cause  the  offshore  provider’s  costs  to  rise. 

Auditing  should  carry  beyond  business 
processes.  It’s  important  to  tour  the  build¬ 
ing  where  the  work  is  done  and  make  sure  it 
is  physically  secure. 

“The  big-name  providers  will  put  you  in  a 
modern,  secure  building,  but  you  have  to 
make  sure  that  the  work  will  actually  be  done 
in  that  building,”  says  DeLaCastro.  And  old 
buildings  may  not  be  earthquake  resistant  or 
have  reliable  power  supplies,  backup  gener¬ 
ators,  fire  suppression  systems,  or  alarms 
tied  to  police  and  fire  headquarters,  he  says. 
The  provider  should  also  show  you  a  sec¬ 
ondary  facility  where  your  work  will  be  per¬ 
formed  if  the  primary  site  has  a  problem. 

In  addition,  your  offshore  employees 
should  not  share  space  with  employees 
working  on  other  customer  accounts.  There 
should  be  a  physical  barrier  to  the  work  area 
with  passcard  entry  and  video  surveillance 
of  employees  and  maintenance  staff.  At  the 
end  of  each  day,  any  memos  containing  sen¬ 
sitive  information  should  be  destroyed.  And 
devices  such  as  cell  phones,  pagers  and 
PDAs  that  can  record  or  send  information 
should  be  prohibited. 

Most  countries  do  not  have  the  kind  of 
information  access  that  the  United  States 
enjoys,  which  means  that  it  can  be  difficult  to 
do  independent  background  checks  on  off¬ 
shore  employees,  verify  past  employment, 
search  for  criminal  records  or  do  the  other 
kinds  of  checks  considered  routine  in  the 
states.  Consider  hiring  a  security  consul- 


Taking  Chances 


For  more  on  mitigating  risk  in  your  offshoring 
venture,  visit  our  OUTSOURCING  RESOURCE 
CENTER  for  links  to  past  coverage  as  well  as 
updated  reports.  Find  the  link  at  www.cio.com/ 
outsourcing  or  at  www.cio.com/051505. 

cio.com 


tancy  to  check  out  references  independently. 

Lastly,  look  in  the  mirror.  If  you  are 
demanding  extraordinary  security  precau¬ 
tions  from  your  offshore  vendor,  make  sure 
you  maintain  good  security  practices  at 
home.  “If  your  own  IT  operation  is  poorly 
run,  chances  are  you  will  have  problems  off¬ 
shore,”  says  Richard  Isaacs,  vice  president 
of  security  consultancy  Lubrinco  Group.  “If 
you  run  a  slovenly  shop  here,  then  you  will 
run  a  slovenly  one  offshore.” 

S  Understand  where 
your  work  gets  done 

With  Asia  and  Europe  offering  services,  the 
world  can  seem  like  one  big  outsourcing  oyster. 
But  it’s  important  to  understand  the  political 
context  of  your  contractor’s  work  situation. 
(For  more  about  the  global  risk  climate,  see 
“How  Secure  Is  It?”  Page  49.) 

So  while  it’s  hard  to  conceive  of  a  foreign 
government  stepping  in  and  demanding  dis¬ 
closure  of  your  proprietary  software  and 


data,  it  has  happened.  According  to  Gartner, 
in  2000,  the  Chinese  government  decreed 
that  any  software  using  encryption  had  to  be 
registered  with  the  government,  along  with 
anyone  using  it.  The  government  also  said 
that  any  software  used  in  China  must  include 
encryption  software  manufactured  in  China. 
The  government  eventually  rescinded  the 
decree,  but  if  it  had  remained,  foreign  com¬ 
panies  would  have  faced  the  threat  of  gov¬ 
ernmental  industrial  espionage. 

Security  consultancies  specialize  in  track¬ 
ing  political  risks  in  offshore  destinations. 
“You  want  to  understand  the  powers  and 
predilection  of  the  national  government  to 
look  at  your  data— and  the  chance  that  the 
service  provider  would  comply,”  says  Kelly 
Kavanaugh,  a  Gartner  analyst.  “Some  coun¬ 
try  is  always  getting  caught  doing  some 
industrial  espionage  against  U.S.  companies. 
It’s  nothing  new.”  EH 


Christopher  Koch  is  executive  editor  for  investiga¬ 
tions.  Reach  him  at  ckoch@cio.com. 


www.cio.com  |  MAY  15,  2005 


51 


BY  CHRISTOPHER  KOCH 


7-Eleven  stores  have  always  been  packed  with  all  kinds  of  stuff, 

from  the  mundane  (cigarettes  and  beer)  to  the  delightfully  bizarre  (Pina 
Colada  Slurpees?!),  But  until  recently,  the  stores  were  bare  of  IT  systems. 

By  the  mid-’90s,  in  an  industry  that  thrives  on  local  decision  making, 
7-Eleven  had  punted  many  of  its  stocking  decisions  to  vendors  such  as 
Coke  and  Frito-Lay.  These  suppliers  knew  better  than  headquarters  what 
was  selling  and  what  wasn’t,  according  to  James  Keyes,  7-Eleven’s  presi¬ 
dent  and  CEO.  “We  have  lost  our  way  a  bit,”  he  says,  using  the  present 
tense  because  he  believes  the  challenge  of  pinpointing  what  customers 


* 


VIEW 

i - 1 — jjy 

from  the  TOP 

7-Eleven 
President  and 
CEO  James 
Keyes  says 
the  role  of  IT 
is  to  help  the 
company  sell 
more  stuff. 
That  means 
using  point- 
of-sale  data  to 
maximize  shelf 
space,  reduce 
waste  and 
test-market  the 
latest  products. 


THIS  IS  THE  FIRST  in  a  series  of 
interviews  with  CEOs  and  other 
C-level  executives  about  the  role  of 
IT  in  their  companies  and  what  they 
expect  from  their  CIOs. 

COMING  JUNE  15:  William  Shaw, 
president  and  COO,  Marriott 


want— and  when  they  want  it— is  far  from 
over.  Since  Keyes  took  over  in  2000,  he  has 
put  a  heavy  emphasis  on  IT,  not  only  to 
improve  stocking  decisions  but  also  to 
deliver  new  services  to  customers. 

Keyes’  eyes  were  opened  to  the  strategic 
importance  of  IT  during  a  trip  he  made  in 
1990  to  visit  7-Eleven’s  licensees  in  Japan. 
(At  the  time,  he  was  an  executive  with 
7-Eleven’s  retail  gas  business.)  He  was 
amazed  by  the  way  the  stores  customized 
their  offerings  to  local  demand  and  by  the 


assortment  of  fresh  foods  they  offered,  from 
sushi  to  sandwiches.  The  Japanese  did  it 
with  scanning  data,  rudimentary  data 
warehouses  and  a  nascent  in-store  ordering 
system.  When  he  became  CEO,  Keyes  knew 
that  the  U.S.  stores  had  to  do  the  same.  At  a 
time  when  7-Eleven’s  traditional  niche  is 
being  invaded  by  everyone  from  drug 
stores  to  Wal-Mart,  the  survival  of  the 
business  may  depend  on  it.  We  asked  Keyes 
to  explain  what  he  does  to  get  the  people  in 
his  IT  department  to  think  like  retailers. 


International 


52  MAY  15,  2005  I  www.cio.com 


PHOTO  BY  CHARLES  FORD 


7-ELEVEN  CEO 
JAMES  KEYES  » 
EXPECTS 
I.T.  TO... 

Provide  decision  support 
tools  for  store  managers 

Use  technology  to  deliver 
new  products  and  services 

Pay  for  new  investments 
through  cost  savings 


CIO:  How  has  7-Eleven’s  use  of 
technology  changed  over  time? 

James  Keyes:  Back  in  the  ’20s  when 
people  started  buying  refrigerators  and 
stopped  buying  ice,  we  were  small  enough 
that  the  people  in  the  stores  were  able 
to  talk  to  customers  one  by  one  and  ask. 
“You  don’t  need  ice,  so  what  do  you  want 
instead?”  In  the  next  50  years,  the  business 
became  so  complex  that  we  lost  touch 
with  the  customer;  we  couldn’t  just  talk  to 
them  any  more. 

[Until  1995],  we  had  virtually  no  tech¬ 


nology  in  the  stores  at  all.  We  didn’t  know 
what  we  sold  by  store.  It  was  total  guess¬ 
work.  It  would  take  us  almost  20  days  to 
collect  sales  data  from  the  stores  because 
it  was  all  manual.  Vendors  were  stocking 
our  shelves  themselves.  The  first  step  in 
1995  was  to  automate  the  basic  accounting 
functions.  Then  in  1997,  we  began  layering 
other  capabilities  on  top  of  that  with  the 
intention  of  being  able  to  put  decision 
making  back  into  the  stores. 

We  discovered  that,  with  technology,  we 
can  track  every  item  literally  every  hour 


and  use  that  point-of-sale  data  to  drive  rev¬ 
enue.  In  effect,  we  have  come  full  circle  in 
our  ability  to  respond  to  the  needs  of  the 
customer.  Because  now,  we  can  use  tech¬ 
nology  as  a  surrogate  for  being  able  to  talk 
to  every  customer  who  walks  in  the  door. 
We  don’t  just  have  to  rely  on  items  we  know 
will  sell  quickly,  like  12-packs  of  beer;  we 
can  actually  stock  something  that  we’re 
taking  a  chance  on.  And  in  short  order,  we’ll 
understand  how  the  customer  responds. 

Before  we  had  much  technology  in  the 
stores,  we  used  the  approach  of  “space 


www.cio.com  |  MAY  15.  2005  53 


View  from  the  Top 


selling.”  To  build  sales  and  traffic,  you’d  use 
big  displays  and  make  customers  literally 
trip  over  the  product.  But  we  discovered 
that  you  don’t  need  a  whole  door  full  of 
Coca-Cola  Classic  for  it  to  sell  well,  you  can 
sell  just  as  much  with  one  shelf.  That’s  freed 
up  space  to  try  something  new— let’s  say 
Red  Bull.  We  partnered  with  Red  Bull  and 
said,  Let’s  give  it  a  couple  of  shelves.  When 
customers  went  to  buy  their  Coca-Cola,  they 
saw  an  equivalent  display  of  Red  Bull.  And 
pretty  quickly,  we  discovered  that  using 
space  to  drive  new  opportunities,  rather 
than  using  it  to  [push  known  products 
harder],  allowed  us  to  increase  our  sales- 
per-square-foot  in  the  stores. 

What  convinced  you  that 
technology  could  help 
generate  sales? 

This  got  its  start  at  our  stores  in  Japan.  Here 
in  the  United  States,  we  had  recognized  in 
the  ’80s  that  the  future  of  convenience  stores 
was  going  to  be  to  sell  proprietary  products 
and  fresh  foods.  They  are  unique,  have 
higher  margins  and  drive  more  store  visits. 
Our  answer  at  the  time  was  the  hot  dog  grill. 
Hot  dogs  were  about  the  only  thing  that  we 
could  manufacture  in  the  store.  We  were 
wildly  unsuccessful  in  using  [outside 
providers]  or  any  more  efficient  means  of 
producing  high-quality  food. 

I  went  to  Japan  in  1990,  and  I  saw  that 
there  were  customers  lined  up  to  buy  sushi 
at  7-Eleven  stores.  And  I’m  scratching  my 
head,  saying,  You  know,  we  can’t  sell  a 
decent  hot  dog,  and  they’re  over  there  selling 
high-quality  sushi;  how  are  they  doing  that? 
The  answer  was  this:  We  had  licensed  two 
7-Elevens  in  Japan  30  years  ago,  just  as  scan¬ 
ning  technology  became  available.  They 
grew  up  with  scanning  in  the  stores.  They 
discovered  that  they  could  manage  a  fresh- 
food  manufacturing  capability  using  that 
data.  They  created  commissaries,  bakeries, 
places  where  they  could  make  high-quality, 
fresh  rice  products. 

They  did  it  by  taking  the  scanning  data, 
converting  it  into  a  friendlier  format  and 
pushing  it  back  to  the  store  managers.  But 
they  stopped  short  of  having  the  system 


make  the  buying  decisions 
for  the  managers.  Most  com¬ 
panies  assume  that  data  and 
a  good  algorithm  can  make 
better  demand  decisions 
than  a  human  being.  But 
there  isn’t  an  algorithm  in  the 
world  that  can  predict  what 
is  going  to  [sell]  in  the  local 
neighborhood  that  evening. 

Only  a  store  manager  can 
do  that.  Fresh  food  is  now 
40  percent  of  sales  in  Japan, 
with  only  10  percent  [waste]. 

When  I  saw  what  they  did  in  Japan,  I 
became  a  believer  in  the  power  of  technology 
to  make  every  7-Eleven  store  better  at  retail¬ 
ing,  and  I  also  became  a  believer  in  our  abil¬ 
ity  to  satisfy  customers’  desire  for  portable, 
high-quality  fast  food. 

7-Eleven’s  CIO,  Keith  Morrow, 
reports  to  you.  How  is  that 
relationship  structured? 

Many  companies  look  at  the  IT  department 
as  a  service  organization,  and  they  satisfy 
the  needs  of  their  internal  clients.  We  look 
at  the  technology  department  as  a  key 
stakeholder  in  our  ability  to  satisfy  the  cus¬ 
tomer,  so  IT  is  as  important  a  player  as  mer¬ 
chandising  in  their  ability  to  help  us 
respond  more  quickly  to  customers.  Tech¬ 
nology  is  a  key  part  of  our  strategy,  and  our 
CIO  is  a  key  member  of  our  executive  com¬ 
mittee  and  involved  in  our  strategic  plan¬ 
ning  process. 

Myself  and  other  top  executives,  includ¬ 
ing  Keith,  [get  together]  on  Monday  morn¬ 
ings  to  address  both  pressing  tactical  issues 
and  any  strategic  decisions  for  the  week. 
Then  every  Tuesday,  we  have  a  meeting 
with  the  entire  management  staff— as  many 
as  2,000  to  3,000  people  via  videoconfer¬ 
ence.  It  is  best  to  communicate  with  every¬ 
one  directly  so  everybody  hears  the  same 
message  [about  the  business  strategy]. 
Then,  all  the  managers  cascade  that  infor¬ 
mation  down  to  their  staffs. 

I  also  have  one-on-one  meetings  with  Keith, 
but  the  main  opportunity  is  that  we  have 
made  him  part  of  the  central  business  team. 


How  do  you  decide 
whether  to  fund  a 
new  technology 
investment? 

Many  IT  investments  are 
made  with  a  strict  reliance 
on  cost  reduction  [to  gener¬ 
ate  ROI].  We  do  have  that 
element,  but  we  are  using 
revenue  enhancement  as  the 
primary  return  on  invest¬ 
ment  criteria  for  our  tech¬ 
nology  investments— and 
holding  our  people  account¬ 
able  for  it.  It’s  harder  to  measure,  and  it’s 
harder  to  justify,  you  know,  how  much  of  the 
sales  lift  came  from  the  technology  versus 
better  training  or  better  product?  And  so 
therefore,  a  lot  of  companies  find  it  very  dif¬ 
ficult  to  justify  their  technology  investment 
on  the  revenue  side.  But  we’ve  had  33  con¬ 
secutive  quarters  of  improved  same-store 
sales.  It’s  no  coincidence  that  our  introduc¬ 
tion  of  [the  decision  support  system  in  the 
stores]  was  at  about  the  same  time  that  we 
began  to  see  those  sales  gains. 

What  do  you  like  to  see  in  an 
IT  business  case? 

I  do  something  unfair.  [Laughs]  I  tell  IT  that 
they  have  to  generate  cost  savings  from  the 
project  that  will  cover  the  costs  of  imple¬ 
menting  the  technology.  Then,  I  tell  the  sales¬ 
people  that  they  have  to  have  X  percent 
revenue  increases  after  the  project  is  com¬ 
pleted.  It  gives  them  a  target. 

Is  there  an  IT  project  you  wish 
you’d  never  funded? 

OK,  I’ll  give  you  one.  In  1997,  approximately, 
we  had  become  very  successful  in  the  ATM 
business.  We  were  also  selling  almost  $5  bil¬ 
lion  worth  of  money  orders  per  year,  and 
prepaid  phone  cards  were  a  big  piece  of  our 
business.  We  recognized  that  all  of  these 
services  could  be  delivered  electronically,  in 
a  self-service  environment. 

So  when  I  became  CEO,  we  were  part¬ 
nered  with  NCR  to  develop  a  new  genera¬ 
tion  of  ATM.  We  were  trying  to  do  things 
that  were  very  sophisticated  at  the  time- 


54 


MAY  15,  2005  |  www.cio.com 


PHOTO  COURTESY  OF  7-ELEVEN 


w.  m  poweredbycisco. 

restlessness 

Cubicles  in  the  form  of  wide-open  spaces. 

Corner  offices  that  look  like  company  cafeterias. 

No  matter  where  you  wander  to  find  inspiration, 
the  wireless,  self-defending  networks  of  Cisco 
let  you  access  the  office  anytime,  anywhere. 

Learn  how  Cisco  is  helping  change  business  at 
cisco.com/poweredby. 


TjT 

View  from  the  Top 


like  print  a  money  order,  cash  a  check.  No 
one  [at  NCR]  believed  enough  in  the  busi¬ 
ness  model  that  people  would  do  self- 
service  for  other  things  [besides  cash].  So 
what  we  ended  up  doing  was  taking  pre¬ 
existing  hardware  and  software  and  jam¬ 
ming  it  all  into  one  9-foot  monstrosity  of  a 
box.  We  were  well  ahead  of  the  technology 
curve,  but  customers  didn’t  want  to  use  it. 

The  good  part  about  it  was  we  learned 
that  we  could  sell  a  heck  of  a  lot  of  check¬ 
cashing  services,  money  orders  and  other 
things  if  we  could  do  the  kiosk  right.  It  gave 
us  enough  confidence  to  [continue  devel¬ 
opment],  We  made  it  Web-enabled,  and  we 
shrunk  the  box  down  to  3  feet.  We  now  have 
a  device  we  call  “Vcom”  that’s  in  1,050 
7-Eleven  stores— and  that  goes  beyond  the 
ATM  functions  to  offer  [online  shopping]. 
I’m  hoping  to  introduce  products  that  are 
only  available  through  7-Eleven— or  that 
we  have  a  temporary  exclusive  on.  I  can  see 
us  offering  a  new  record  for  download 
through  Vcom  for  30  days  before  it  hits  the 
stores,  for  example.  We’re  still  early  in 
terms  of  consumer  acceptance  of  a  wide 
range  of  financial  services  at  an  [ATM 
kiosk].  But  it’s  very  promising. 

You  said  a  lack  of  commitment 
to  the  project  was  the  main 
problem.  Explain  what  you 
mean  by  that. 

It  goes  to  the  question  of  who  really  under¬ 
stands  the  customer.  NCR  said,  “We’ve  been 
making  ATMs  since  ATMs  were  around.  We 
know  what  the  customer  wants  in  an  ATM.” 
So  rather  than  looking  at  this  as  an  R&D 
effort,  they  were  focusing  their  R&D  energy 
in  other  areas. 

So  this  was  not  an  issue  of  inter¬ 
nal  commitment,  then? 

No.  One  of  the  advantages  of  being  chief 
executive  is  I  can  get  all  the  internal  com¬ 
mitment  that  I  want.  [Laughs]  The  mistake 
I  made  was  that  I  left  our  IT  group  out  of 
the  project  for  too  long.  I  let  the  merchan¬ 
dising  department  run  the  project  at  the 
beginning  because  they  were  behind  the 
product  concept.  But  if  I  had  it  to  do  over 


The  IT  depart¬ 
ment— just  like 
the  merchandise 
department— 
tends  to  get 
comfortable 
with  the  project 
they  have  on  the 
table.  Achieving 
the  right  balance 
between  finish¬ 
ing  what  we’ve 
got  versus  keep¬ 
ing  an  eye  on 
new  and  better 
technology  is  the 
challenge.” 

-James  Keyes 


again,  I  would  have  brought  some  mer¬ 
chandising  people  into  IT  and  have  the 
project  originate  from  IT. 

If  you  could  change  one  thing 
about  IT  at  7-Eleven  today, 
what  would  it  be? 

Here’s  the  ongoing  challenge— it’s  the  same 
one  I  give  my  merchandisers:  The  opportu¬ 
nities  for  change  are  never  ending.  The  IT 
department— just  like  the  merchandise 
department— tends  to  get  comfortable  with 
the  project  that  they  have  on  the  table. 
Achieving  the  right  balance  between  finish¬ 
ing  what  we’ve  got  versus  keeping  an  eye  on 
new  and  better  technology  is  the  challenge. 
Right  now,  RFID  is  coming  down  the 


road.  There’s  a  tendency  for  IT  groups 
to  look  at  something  like  RFID  in  the  [obvi¬ 
ous]  sense:  Oh,  that’s  a  supply  chain 
opportunity;  we  can  track  inventory.  Well, 
there’s  also  another  element  of  RFID  that 
makes  it  much  more  able  to  serve  the  cus¬ 
tomer.  Imagine  every  food  item  with  RFID 
technology  on  the  label  so  that  as  you  bring 
it  to  the  microwave  or  convection  oven,  the 
product  tells  the  oven  how  long  to  cook. 
These  are  things  that  you  can  do  with  RFID 
to  be  able  to  satisfy  the  customer.  So  get¬ 
ting  our  technology  folks  to  think  like 
retailers  so  that  they’re  looking  at  emerging 
technologies  in  the  7-Eleven  way— to  better 
satisfy  the  customer— that’s  probably  the 
greatest  challenge. 

How  have  you  told  them  to 
address  that  challenge? 

We  are  making  them  part  of  the  retailing 
team.  In  the  ideal  world,  the  IT  group  will 
not  be  seen  as  an  IT  group,  they  will  be  seen 
as  intermixed  within  our  organization  so  that 
it’s  hard  to  tell  the  IT  person  from  the  retailer. 
Now  that’s— like  I  said— in  the  ideal  world. 
[Laughs]  We’re  evolving  toward  that. 

The  way  I’m  trying  to  do  it  is  by  rotating 
people  from  the  business  into  IT.  We  tried 
doing  it  the  other  way,  with  IT  people  mov¬ 
ing  into  the  business,  but  it  didn’t  work. 
Inevitably,  the  business  units  wanted  to  go 
off  and  start  their  own  projects,  and  we 
would  wind  up  with  two  different  IT 
departments  essentially  competing  with 
each  other.  It  works  much  better  to  bring 
the  businesspeople  into  IT  and  then  send 
them  back.  It  leads  to  better  integration 
between  the  two  groups. 

[When  I  came  in,  IT  was  doing  its  tradi¬ 
tional  work]  automating  back-office  func¬ 
tions  like  accounting.  Now  we’re  stretching 
them  to  improve  decision  making  at  the 
store  level.  The  final  frontier  is  to  take  them 
into  satisfying  the  end  customer.  We  want 
them  to  create  systems  like  Vcom  that  drive 
revenue  with  customers.  Getting  there  will 
take  time.  But  it’s  coming.  HE! 

Executive  Editor  Christopher  Koch  can  be  reached  at 
ckoch@cio.com. 


56 


MAY  15,  2005  |  www.cio.com 


PHOTO  BY  CHARLES  FORD 


poweredbycisco 


Customer  preferences,  billings,  account  numbers— in  short, 
everything  to  get  the  job  done— now  available  in  the  comfort  of  home. 

In  real  time.  In  real  terms.  Cisco  IP  Communications  brings  together 
voice,  video  and  data  to  transform  homes  into  call  centers, 

so  employees  don’t  have  to  be  at  work,  to  be  at  work. 

Learn  how  Cisco  is  helping  change  business  at 
cisco.com/poweredby. 


Digital  manufacturing  technology  lets  automotive 
and  aerospace  giants  optimize  their  manufacturing 

processes  and  plant  layouts— before  bending 
and  without  building  costly  prototypes  by  beth  stackpole 

VIRTUALLY  FLAWLES 


Warning  lights  flash  as  cars  careen  into  walls  and 
crumple,  accordion-style.  Crash-test  robots  twist  and  turn  to  avoid  collision,  while  lifelike,  three- 
dimensional  characters  do  their  part  to  reassemble  the  pieces.  This  is  no  extreme  video  game. 
Rather,  it’s  the  latest  chapter  in  an  information  revolution  that  is  transforming  the  manu¬ 
facturing  industry.  Computer  simulation  and  collaboration  technologies,  known  collec¬ 
tively  as  digital  manufacturing,  are  being  used  by  car  companies  and  aerospace  giants 
to  test-drive  product  concepts  and  experiment  with  manufacturing  techniques  in 
lieu  of  building  costly  and  time-consuming  physical  prototypes. 

The  idea  behind  digital  manufacturing  is  to  leverage  IT  to  collaboratively  develop 
the  manufacturing  plan  and  manufacturing  equipment  simultaneously  with  the 
product.  Why  is  this  important?  Because  design  flaws,  manufacturing  kinks  and 
inefficient  processes  can  be  hammered  out  and  corrected  early  on  when 
changes  create  little  disruption  of  critical  time-to-market  schedules.  The 
potential  cost  savings  are  huge.  While  the  concept  isn’t  entirely  new 
(early  iterations  were  known  as  concurrent  engineering  or  design  for 
assembly),  it’s  only  now  starting  to  take  root.  CIMdata,  a  consulting 
and  research  firm  specializing  in  product  lifecycle  management 
issues,  estimates  that  investments  in  digital  manufacturing 


Reader  ROI 

::  How  digital  manufacturing 
optimizes  design  and 
production 

::  Ways  in  which  digital  manu¬ 
facturing  can  save  money 

::  Why  CIOs  are  key  players  in 
digital  manufacturing  efforts 


u 


58 


MAY  15,  2005  |  www.cio.com 


Amal  Girgis,  CIO  for  Pratt  &  Whitney 
Canada,  says  virtual  manufacturing 
saves  the  company  $500,000  for  each 
new  engine  it  produces. 


ip  -  i 

i 

iflki'v  <••  ..  n. 

•" - 

■ 

Manufacturing  Systems 


Hjf 

tj  % 

■  f 

[uLj. 

1*^ 

■,U  1  ' 

-W- 1  - 

Abdallah  Shanti,  CIO  for  American  Axle  &  Manufacturing,  says  manufacturing  in 
North  America  is  "under  global  attack,”  and  it  needs  new  technologies  to  compete. 


technologies  will  grow  at  a  clip  of  more  than 
25  percent  annually  for  the  next  three  years. 

And  CIOs,  rather  than  engineers,  have 
turned  out  to  be  the  linchpins  of  the  digital 
manufacturing  push.  “The  CIO  is  responsi¬ 
ble  for  all  information  technology,  and  [digital 
manufacturing]  is  part  of  information  tech¬ 
nology.  The  way  to  look  at  it  is  as  a  partnership 


between  IT,  engineering  and  manufacturing,” 
says  Amal  Gir'gis,  CIO  of  Pratt  &  Whitney 
Canada.  DaimlerChrysler  Senior  Vice  Presi¬ 
dent  and  CIO  Susan  Unger,  who  has  been  a 
driving  force  behind  the  company’s  digital 
manufacturing  initiative,  known  as  Digital 
Factory,  says,  “If  you  don’t  have  IT  fairly  active 
[with  digital  manufacturing],  there  ends  up 


being  standalone  types  of  activity  and  you 
lose  the  power  of  this  virtual  team.” 

CIOs  have  several  roles  to  play  in  digital 
manufacturing.  They  need  to  be  futurists  who 
identify  the  competitive  possibilities.  They 
must  act  as  key  sponsors  and  change  agents  to 
facilitate  all  the  new  business  processes  and 
organizational  transformations.  And  plenty  of 


60 


MAY  15,  2005  |  www.cio.com 


PHOTO  BY  JOHN  HRYNIUK 


traditional  IT  responsibilities  are  associated 
with  digital  manufacturing.  Orchestrating  a 
product  information  structure  within  the 
organization,  creating  a  data  integration  strat¬ 
egy  to  sync  up  with  other  core  business  sys¬ 
tems,  and  identifying  the  areas  where  digital 
manufacturing  can  deliver  the  most  com¬ 
pelling  results  can  only  be  accomplished 
through  CIO  direction,  in  partnership  with 
executives  in  engineering  and  manufactur¬ 
ing.  “You  have  to  reengineer  an  organization 
to  deal  with  digital  information  and  create  a 
culture  of  sharing  across  functional  areas.  The 
CIO  is  the  enabler,”  says  Michael  Grieves, 
director  of  industry  research  for  the  MIS 
Department  at  the  University  of  Arizona’s 
Eller  College  of  Management. 

VIRTUAL  MANUFACTURING, 
REAL  SAVINGS 

Not  too  long  ago,  it  took  Pratt  &  Whitney 
Canada  (P&WC)  five  years  to  bring  a  new  air¬ 
craft  engine  to  market;  today,  thanks  to  its 
Digital  Engine  initiative  launched  in  2002 
and  other  internal  improvement  initiatives, 
new  engines  take  three  years  to  develop. 
P&WC  is  looking  to  digital  manufacturing 
and  other  technologies  to  reduce  time  to  mar¬ 
ket  even  further,  to  two  and  half  years.  Using 
simulation  to  ferret  out  production  flaws  and 
assess  maintenance  costs  has  had  huge  ram¬ 
ifications— new  engines  designed  in  the  new 
virtual  world  have  saved  the  company 
$500,000  for  each  engine  program  by  elim¬ 
inating  physical  mock-ups,  says  CIO  Girgis. 
Moreover,  70  percent  of  so-called  interfer¬ 
ences— conflicts  between  production  parts— 
are  now  resolved  at  the  early  design  stage. 

The  simulations  also  help  verify  whether 
the  engine  can  be  maintained  cost-effectively. 
Instead  of  building  expensive  wood  or  plastic 
mock-ups  of  an  engine  to  determine  if  main¬ 
tenance  workers  could,  say,  easily  access 
parts,  P&WC  engineers  use  simulated  man¬ 
nequins  to  test  ergonomics  and  estimate 
maintenance  time  more  accurately.  “Cutting 
metal  to  produce  a  product  is  very  slow  and 
very  expensive,”  says  Girgis.  “Seeing  a  simu¬ 
lation  helps  us  understand  what  to  expect.” 

Automotive  companies  Ford,  General 
Motors  and  DaimlerChrysler,  and  aerospace 
company  Boeing,  among  others,  have  recently 


begun  applying  digital  manufacturing  tools 
and  processes  in  earnest.  The  early  results 
are  promising.  According  to  a  2003  CIM- 
data  survey  of  companies  doing  digital  man¬ 
ufacturing,  companies  achieved  one  or  more 
of  these  results:  They  reduced  time  to  mar¬ 
ket  by  30  percent,  pared  the  number  of 
design  changes  by  65  percent,  cut  the  man¬ 
ufacturing  planning  process  by  40  percent 
and  saw  increases  of  15  percent  in  produc¬ 
tion  throughput  on  average. 

When  GM  started  creating  digital  mock- 
ups  for  its  car  designs  in  2000  instead  of 
building  physical  prototypes,  it  saved 
$75  million  in  the  first  year.  Another  impor¬ 
tant  stage  on  the  company’s  road  to  digital 
manufacturing  was  simulating  key  factory 
floor  operations  and  testing  ergonomic 
issues.  GM  now  has  25  Vehicle  Assessment 
Rooms  around  the  globe  where  design  engi- 


neers  and  plant  engineers  convene  to  do  reg¬ 
ular  3-D  assessments  on  vehicles,  testing  out 
things  like  parts  assemblies  and  other 
aspects  of  the  line  before  going  live. 

Since  embracing  digital  manufacturing, 
GM  has  seen  a  lot  of  near-flawless  product 
launches,  says  Terry  Kline,  process  infor¬ 
mation  officer  for  global  product  develop¬ 
ment  for  GM  in  Warren,  Mich.,  and  CIO  of 
GM’s  Asia-Pacific  region.  “Before,  you’d 
build  a  vehicle  in  a  plant  to  find  the  process 
changes.  Now  you  visualize  and  simulate  to 
find  those  changes,”  he  says. 

It’s  a  similar  story  at  DaimlerChrysler, 
says  Unger.  Using  digital  manufacturing 
tools,  the  company  slashed  construction  time 
on  a  new  plant  built  in  Germany  by  30  per¬ 
cent  and  reduced  its  plant  floor  costs  by  more 
than  10  percent  compared  with  factory  proj¬ 
ects  built  and  designed  in  the  traditional 


Rationalizing  factory  flow  and  reducing  do-overs  are  just  part 
of  what  IT  can  do 

Stung  by  mounting  pressures  from  global  competition,  American  manu¬ 
facturers  are  hungry  for  new  technologies  and  ways  of  working  that  will  boost  innova¬ 
tion  throughout  their  products  and  business  processes.  One  of  the  more  promising 
initiatives  in  this  area  is  product  lifecycle  management  (PLM),  an  integration  strategy 
for  seamlessly  delivering  product-related  data  to  everyone  involved  throughout  each 
stage  of  the  lifecycle.  PLM  is  the  logical  precursor  to  digital  manufacturing,  and  compa¬ 
nies  have  gradually  been  putting  these  frameworks  into  place  over  the  past  couple  of 
years  (see  "There’s  a  New  App  in  Town,”  at  www.cio. com/051505). 

PLM's  single  view  of  product  data  facilitates  the  collaboration  and  information 
required  for  digital  manufacturing.  Historically,  diverse  groups  such  as  engineers 
and  production  line  planners  have  worked  from  different  sets  of  data  and  with  differ¬ 
ent  modelingtools,  making  it  nearly  impossible  to  execute  integrated  simulations. 

As  part  of  a  broader  PLM  strategy,  though,  digital  manufacturing  changes  the  game. 
It  becomes  possible  to  bring  a  real-time  component  to  digital  simulations,  helping 
manufacturers  plan  optimal  factory  flow,  validate  processes,  eliminate  prototypes,  and 
reduce  do-overs  (known  as  "scrap  and  rework”).  Product  designers  have  been  doing 
similar  things  with  CAD  (computer-aided  design)  tools  for  more  than  a  decade,  digi¬ 
tally  mocking  up  new  car  models  or  airplane  engines  before  actually  bending  metal  or 
building  costly  one-off  prototypes.  Digital  manufacturing  is  an  attempt  to  extend  those 
same  principles  to  the  build  part  of  the  equation.  -B.S. 


www.cio.com  |  MAY  15,  2005 


61 


Manufacturing  Systems 


DaimlerChrysler  Senior  VP  and  CIO  Susan  Unger  replaced  weeks  of  back-and-forth 
between  engineering  and  manufacturing  with  a  half-hour  simulation  session. 


fashion.  Simulation  has  also  improved  man¬ 
ufacturing  planning  time  by  30  percent 
when  retooling  lines  in  existing  plants  for 
new  products. 

BEYOND  CARS  AND 
SPACESHIPS 

So  far,  automotive  and  aerospace  companies 
are  the  leaders  in  digital  manufacturing. 
“Automotive  and  aerospace  have  invested  so 


heavily  early  on  because  their  investment  in 
tooling  is  so  significant,”  says  Ed  Miller,  pres¬ 
ident  of  CIMdata.  “The  ability  to  understand 
flow  and  how  factories  and  assembly  lines  are 
built  is  so  critical  to  them.”  But  other  sectors 
are  taking  note  of  their  successes.  High-tech 
electronics,  medical  devices,  pharmaceuticals 
and  biotech  are  prime  candidates  for  digital 
manufacturing. 

Some  high-tech  electronics  manufacturers 
already  use  digital  manufacturing  processes, 


in  fact.  The  pharmaceutical  industry  has  con¬ 
centrated  its  use  of  technology  on  the  drug 
discovery  process  rather  than  production.  But 
as  drug  discovery  processes  become  more  vir¬ 
tual,  pharmaceutical  makers  are  likely  to  shift 
their  emphasis  to  digital  manufacturing  tech¬ 
niques  to  bring  drugs  online  quicker  and 
shorten  cycle  times,  says  Grieves. 

Only  the  largest  manufacturers  can  digest 
digital  manufacturing  in  its  current  form. 
Software  and  support  runs  into  the  millions, 


62 


MAY  15,  2005  |  www.cio.com 


PHOTO  BY  RICHARD  HIRNEISEN 


excluding  the  cost  of  hardware  to  support 
the  computing  requirements.  But  vendors 
are  carving  out  applications  such  as  material 
flow  or  tool-cutting  that  will  cost  under 
$100,000,  thereby  allowing  midsize  and 
even  small  manufacturers  to  run  simula¬ 
tions  without  having  to  implement  an  entire 
digital  manufacturing  system,  he  says. 

GAME-CHANGING 

TECHNOLOGY 

Why  the  big  rush  on  digital  manufacturing 
now?  Advances  in  simulation  technology 
from  vendors  such  as  Dassault  Systemes 
and  UGS  have  sparked  interest.  The  soft¬ 
ware  has  progressed  to  the  point  where  vir¬ 
tual  renderings  are  as  accurate  as  real-life 
operations. 

“Simulating  how  a  factory  will  run  before 
you  cut  any  metal  is  cheaper  by  a  mile,” 
explains  Kevin  O’Marah,  vice  president  of 
research  for  AMR  Research.  “You  can  design 
a  product  without  reference  to  manufacturing 
processes,  but  you  might  design  something 
that’s  impossible  to  make.  If  you  do  it  with  ref¬ 
erence  to  manufacturing  processes,  you  can 
better  estimate  what  it’s  going  to  cost  to  design 
the  product  and  what  you  need  to  put  in  place 
to  get  to  high -volume  production.” 

Making  this  virtual  world  real  is  no  small 
feat,  however.  Digital  manufacturing  soft¬ 
ware  is  highly  complex  and  expensive.  It  also 


opens  the  door  to  major  business  process 
change.  There  are  enormous  cultural  chal¬ 
lenges  associated  with  getting  manufactur¬ 
ing  and  engineering  groups  to  work  together 
earlier  on  in  the  development  process. 

Another  reason  for  recalcitrance  is  that 
manufacturing  is  a  traditional  discipline  that 
does  not  easily  adopt  new  ways  of  working. 
Many  midlevel  executives  remain  skeptical 
of  the  claims  made  by  digital  manufacturing 
vendors  and  early  adopters  and  are  not  pre¬ 
pared  to  risk  their  careers  by  pitching  such  a 
substantial  investment  to  senior  manage¬ 
ment.  Finally,  most  companies  would  have 
to  do  a  great  deal  of  advance  work  to  fully 
utilize  digital  manufacturing.  Executives 
would  need  a  perfect  understanding  of  their 
processes  so  that  they  could  accurately 
model  the  building  of  products,  which  is  very 
different  from  traditional  manufacturing 
approaches. 

Historically,  collaboration  between  engi¬ 
neering  and  manufacturing  departments  has 
been  a  sequential  process.  Engineers  work 
their  CAD  tools  to  innovate  product  designs, 
then  throw  a  prototype  over  the  wall  to  man¬ 
ufacturing  engineers,  who  use  their  own  set 
of  tools  to  figure  out  if  it  can  be  manufac¬ 
tured,  and  at  what  cost.  Next  comes  a  round- 
robin  of  tweaking  the  prototype,  testing  its 
manufacturability,  reworking  it  again,  retest¬ 
ing  and  so  on.  This  iterative  process  leaves 
huge  gaps  of  downtime  in  the  time-to-market 


cycle  as  well  as  significant  costs  associated 
with  the  scrap  and  rework  of  building  new 
prototypes.  “If  you  try  to  build  it  without 
simulation,  you’d  miss  three  or  four  weld 
points  or  find  something  doesn’t  fit  together 
because  the  tolerances  weren’t  right,” 
explains  the  University  of  Arizona’s  Grieves. 
“But  you’d  expect  to  have  that  shake  out 
through  experiments  on  the  factory  floor.” 

Not  in  the  digital  world.  The  volleying 
between  the  engineering  and  manufacturing 
groups  happens  concurrently  in  simulations 
and  without  any  physical  prototypes.  After 
engineers  create  a  design,  manufacturing 
engineers  view  the  same  digital  representa¬ 
tion  to  pinpoint  possible  problem  areas, 
which  are  adjusted  before  any  digital  proto¬ 
types  are  made.  The  same  thing  goes  for  the 
production  line.  The  digital  representation  of 
a  product  can  be  simulated  on  a  virtual  man¬ 
ufacturing  line  to  see  if  weld  points  work,  for 
example,  or  if  a  robotic  arm  does  what  it's 
supposed  to  do  without  interferences. 

Not  only  do  companies  save  time  and 
money  this  way,  they  also  have  a  better  chance 
of  optimizing  the  manufacturing  process.  “In 
the  old  way,  you’re  happy  if  you  find  a  process 
method  that  works,”  Grieves  says.  “But  you 
often  left  a  lot  of  cost  on  the  factory  floor,  and 
the  first  method  that  worked  was  used.  With 
an  automated  or  simulated  approach,  you  can 
run  different  alternatives  to  find  the  optimal 
way  to  build  it.” 


I  luil I  not  hlevtk  unw-tbrn  ckoqe. 
I  nil  rtot  -hlmk  unou-H* wiied  cMaMqe,. 

I  tut  I  I  Hit  tdlwdl  UHouthMTld  ckotoqe. 


IF  ONLY  THE  PENALTY  FOR  NONCOMPLIANCE  WAS  THIS  SIMPLE. 


Tripwire  change  auditing  solutions  provide  detective  controls 


TDIDmiDI 

mlrWmt 

Audit  Change.  Prove  Control. 


that  close  the  loop  on  IT  process  deficiencies.  We're  the  antidote 
for  unauthorized  change.  See  how  we  help  you  comply  with 
Sarbanes-Oxley.  And  avoid  the  penalties  of  noncompliance.  Sign 
up  for  our  webcast  Sorting  out  SOX  at  www.tripwire.com/cio. 


Manufacturing  Systems 


CASE  STUDIES  IN  DIGITAL 
MANUFACTURING 

Boeing  is  looking  to  digital  manufacturing  to 
improve  the  maintenance  and  serviceabil¬ 
ity  of  its  aircraft.  Digital  manufacturing  will 
feature  prominently  in  the  787  Dreamliner 
program,  a  new  midsize  jet  design  due  out 
this  year,  with  production  slated  for  2008. 
Using  software  from  Delmia,  the  leading 
digital  manufacturing  vendor,  Boeing  will 
do  everything  from  simulating  how  the 
plane  will  be  assembled  in  the  factory  to  test¬ 
ing  how  specific  structural  components  will 
wear  over  time.  Having  this  level  of  insight 
into  possible  maintenance  issues  prior  to 
finalizing  a  design  will  do  much  to  help  Boe¬ 
ing  engineers  produce  aircraft  that  will  oper¬ 
ate  more  efficiently  and  with  a  higher  degree 
of  serviceability  over  the  typical  30-plus- 


component  to  meet  the  design  engineer’s 
specs.  “It’s  the  old  adage  of  a  picture’s  worth 
a  thousand  words,”  Unger  says.  “It  creates  a 
common  framework  for  people  to  understand 
different  points  of  view  and  eliminates  some 
of  the  functional  biases  that  have  happened  in 
the  past.” 

That’s  not  to  say  digital  manufacturing 
instantly  translates  into  better  cross-func¬ 
tional  communication.  It  takes  a  significant 
amount  of  cultural  and  business  process 
change  to  get  engineers  comfortable  with 
sharing  work-in-progress  designs  earlier  in 
the  process,  not  to  mention  getting  manufac¬ 
turing  folks  accustomed  to  working  with 
incomplete  and  still-evolving  information. 

That’s  where  the  CIO  can  step  in.  Unger 
acted  as  a  sponsor  for  digital  manufacturing, 
along  with  her  counterparts  in  manufactur- 


ica  is  under  global  attack,  and  the  only  way  to 
compete  is  to  be  better  than  the  rest  of  the 
globe— not  only  from  a  product  perspective, 
but  with  processes  and  efficiencies  through 
the  whole  business.  That’s  why  it’s  so  critical 
to  leverage  the  technology  tools,”  he  says. 

With  the  help  of  digital  manufacturing 
technology,  the  $3.6  billion  maker  of  drive- 
line  and  chassis  systems  has  virtual  access  to 
all  17  of  its  factories  so  that  top  executives 
can  monitor  production,  drill  into  quality 
issues  and  put  out  fires  in  real-time.  Before 
any  new  facility  or  piece  of  capital  equipment 
is  approved,  its  business  case  needs  to  be 
demonstrated  through  simulation.  Simula¬ 
tion  tools  are  deployed  to  predetermine  fac¬ 
tory  throughput,  capacity  and  capabilities 
before  they  are  built.  As  a  result,  Shanti  says, 
AAM  today  enjoys  a  Six  Sigma  rating— for 


“The  CIO  is  RESPON  S I BLE  for  all  information  technology,  and 

digital  manufacturing  is  part  of  IT.  The  way  to  look  at  it  is  as  a 
PA  RTNERSHIP  between  IT,  engineering  and  manufacturing.” 

-AMAL  GIRGIS,  CIO,  PRATT  &  WHITNEY  CANADA 


year  lifecycle  of  a  plane.  “Lots  of  times  we 
do  things  because  it’s  better  to  be  safe  than 
sorry,”  explains  Frank  Statkus,  vice  presi¬ 
dent  for  787  Advanced  Technology,  Tools 
and  Processes.  “In  this  way,  we  actually 
design  the  product  so  we  really  understand 
the  lifecycle  of  a  particular  component.” 

At  DaimlerChrysler,  digital  manufacturing 
has  done  much  to  facilitate  communication 
between  design  engineers  and  manufacturing 
engineers.  CIO  Unger  recounts  one  particular 
simulation  session  in  2003  where  the  bene¬ 
fits  seemed  to  crystallize:  Engineering  and 
manufacturing  were  at  odds  over  whether  a 
particular  module  could  be  easily  assembled 
into  a  vehicle.  In  the  past,  there  would  be 
weeks,  maybe  months,  of  back-and-forth  dis¬ 
cussions  in  trying  to  reach  an  accord.  In  the 
new  Digital  Factory  world,  both  sides  partic¬ 
ipated  in  a  half-hour  simulation  session 
where  both  the  module  and  the  virtual  fac¬ 
tory  were  put  on  screen.  There  was  immedi¬ 
ate  understanding  that  a  worker  would  have 
to  step  into  the  trunk  and  blindly  place  the 


ing  and  engineering.  She  also  was  active  in 
identifying  the  areas  that  would  showcase 
the  best  returns  for  Digital  Factory— in  this 
case,  some  of  the  Mercedes  car  programs  and 
the  “body  and  white”  piece  of  manufactur¬ 
ing,  which  is  the  exterior  steel  portion  of  the 
car.  “This  isn’t  any  different  than  any  other 
process  change  you  go  through.  You  have  to 
look  for  early  adopters  and  the  biggest  busi¬ 
ness  problems  you  can  solve,”  Unger  says. 

THE  IMPLEMENTATION 
CHALLENGE 

Because  digital  manufacturing  software  is 
such  a  big  investment,  both  in  financial  terms 
and  the  business  and  process  changes  it 
requires,  it  should  be  tied  to  a  company’s  core 
business  strategy.  At  American  Axle  &  Man¬ 
ufacturing  (AAM),  digital  manufacturing  is 
part  of  the  mission  to  become  a  lean  enter¬ 
prise,  says  Abdallah  Shanti,  vice  president  of 
IT  and  electronic  product  integration  and  CIO. 
“The  manufacturing  industry  in  North  Amer- 


every  1  million  parts  made,  there  are  now  a 
mere  3.4  mistakes— and  the  company’s  new 
factory  in  Mexico  was  finished  five  months 
ahead  of  schedule.  Shanti  expects  more  ben¬ 
efits  as  digital  manufacturing  continues  to 
gain  traction  at  the  company. 

While  the  CIO  needs  to  be  a  player  in  digi¬ 
tal  manufacturing,  he  can’t  be  the  only  one. 
It’s  important  to  engage  allies  in  functional 
areas  such  as  manufacturing  and  engineer¬ 
ing.  At  Ford,  the  digital  manufacturing  project 
is  a  partnership  between  product  develop¬ 
ment,  manufacturing  and  IT.  Information  is 
the  responsibility  of  the  CIO,  while  business 
process  setup  and  priorities  fall  to  the  busi¬ 
ness  areas,  says  Richard  Riff,  a  Henry  Ford 
Technical  Fellow  for  Virtual  Product  Creation 
and  PLM  at  the  company.  “This  has  to  be  a 
partnership  between  business  and  IT,”  he 
says.  “Otherwise  it’s  technology  for  technol¬ 
ogy’s  sake,  not  technology  for  purpose.”  HEJ 


Beth  Stackpole  ( bstack@stackpolepartners.com )  is 
a  freelance  writer  in  Newbury,  Mass. 


64 


MAY  15,  2005  |  www.cio.com 


METWORK 

The  largest  digital  voice  and 
data  network  in  the  U.S. 
and  the  largest  U.S.  provider 
an  the  global  standard. 


EXPERTISE 

Our  people  and  partners 
make  wireless  work  for 
more  businesses  than  any 
other  wireless  carrier. 


APPLICATIONS 

The  broadest  and  deepest 
portfolio  of  wireless 
business  solutions. 


ahead  of  the  game 


gave 

TaylorMade’  more  time  to  sell. 


SERVICE 

24/7  enterprise-grade 
support.  And  the  only 
service  staff  dedicated 
to  business  people. 


Cingular  helped 
TaylorMade  represen¬ 
tatives  maximize  their 
sales  by  deploying  a 
wireless  solution  that 
automated  the 
inventory  process. 
Today,  TaylorMade 
spends  more  time 
cultivating  customers 
and  less  time 
counting  inventory. 


CINGULAR  WIRELESS  MAKES  BUSINESS  RUN  BETTER 


X  cinqular 

raising  the  barT..ill” 


To  find  out  how  Cingular  can  make  your  business  run  better, 

•  call  your  account  representative 

•  click  cingular.com/businessleader 


Global  coverage  based  on  coverage  in  174  countries.  Cingular  covers  over  270  million  people.  Coverage  not  available  in  all  areas. 
All  marks  property  of  their  respective  owners.  ©2005  Cingular  Wireless.  All  rights  reserved. 


New  monitoring  and  tracking  technologies, 
dIus  a  wary  workforce,  can  spell  trouble  for 
:hose  CIOs  whoforget  they’ re  dealing  with 
people— not  applications. 


A  plan  for  putting  radio  frequency  identification  [RFID]  tags  on  shipping  con¬ 
tainers  contributed  to  strained  relations  between  workers  and  management  at 
the  Port  of  Oakland  in  2002  and  eventually  helped  trigger  a  job  action  and  a 
subsequent  [and  widely  reported)  lockout. 

Snowplow  contractors  in  Boston  protested  against  a  new  contract  in  2003 
that  mandated  the  use  of  global  positioning  systems  (GPS)  in  their  vehicles. 

This  year,  several  workers  were  reportedly  fired  after  a  hidden  camera 
caught  them  clocking  out  other  employees  at  an  Air  Canada  facility  in  the 
Toronto  airport.  After  the  firings^  workers  instantly  downed  tools  and  struck 
for  four  hours,  stranding  thousands  of  passengers. 

As  these  examples  indicate,  technology  can  make  people  touchy,  particu¬ 
larly  if  they  believe  the  technology  is  compromising  their  privacy.  But  if  your 
plan  is  properly  organized  and  executed,  employee  reaction  to 
your  implementation  of  what  are  sometimes  perceived  as 
Orwellian  applications  and  systems  doesn't  have  to  hit  the 
evening  news.  Sure,  you'll  never  be  able  to  please  everybody. 

But  careful  planning,  constant  communication  and  a  willingness 
to  nurture  the  fragile  flower  of  employee  trust  can  go  a  long  way 
toward  turning  invasive  technology  into  invaluable  technology. 


Best  practices  for  implement¬ 
ing  monitoring  and  tracking 
technologies 

. .  '■■*3  ■  }■ 

Why  hidden  cameras  should 
be  used  only  as  a  last  resort 

Legal  ramifications  of  RFID 
and  GPS  technologies 


Monitoring  Technologies 


Before  Implementation: 

- »  Establish  Trust 

The  Business  Case:  SuperShuttle,  a  national  transportation 
provider,  wanted  to  equip  all  of  its  drivers  with  GPS-enabled  phones 
in  order  to  improve  scheduling  capabilities  and  customer  service. 
The  Employee  Concern:  Drivers  feared  that  the  company  would 
be  able  to  track  their  movements  even  when  they  weren’t  working. 
What  SuperShuttle  Did  Right:  SuperShuttle  CIO  Michael 
Hogan  and  his  team  explained  to  the  drivers  the  benefits  they  would 
derive  from  the  technology.  For  example,  in  addition  to  spending 
less  time  in  traffic  (the  Vettro  GPS  software  would  help  dispatchers 
guide  them  around  traffic  jams),  the  drivers  also  would  be  able  to 
choose  their  fares.  Previously,  the  dispatchers  had  directed  drivers 
to  their  next  destination.  With  the  GPS  system,  a  driver  could  look 
at  a  list  of  passengers,  immediately  see  where  the  passengers  were  on 
a  map  and  decide  to  take  the  ones  closest  to  him— or  choose  a  longer 
route  that  had  more  riders.  Hogan  emphasized  that  the  GPS  system 
liberated  drivers  to  “determine  their  own  destiny.” 

Hogan  also  let  drivers  know  that  SuperShuttle  would  not— and  could 
not— track  them  after  hours,  even  if  they  decided  to  carry  their  GPS- 
enabled  cell  phones  all  the  time.  (The  tracking  Java  applet  could  simply 
be  turned  off.)  Such  assurances  of  off-the-job  privacy  should  be  one  of 
the  first  steps  taken  before  the  implementation  of  any  new  technology 
that  can  be  seen  as  potentially  facilitating  electronic  eavesdropping. 
The  Lesson:  If  you  don’t  tell  employees  what  to  expect,  they’ll 
invent  something,  and  inevitably,  it  will  be  bad.  Let  employees  know 
what’s  in  it  for  them  before  implementing  a  potentially  invasive  tech¬ 
nology,  and  be  clear  about  the  technology’s  limits. 


During  Implementation: 

' . -  ~  »  Test,  Test,  Train,  Train 

The  Business  Case:  The  latest  version  of  the  UPS  Delivery  Infor¬ 
mation  Acquisition  Device  (DIAD— those  handheld  computers  car¬ 
ried  by  every  UPS  driver)  will  include  GPS  features  to  allow  for  new 
location-based  services,  such  as  preventing  drivers  from  delivering 
packages  to  the  wrong  address. 

The  Employee  Concern:  The  GPS  capabilities  of  the  new  DIAD 
could  make  employees’  lives  more  difficult  by  overwhelming  them 
with  useless  information. 

The  Company  Concern:  Management  worried  that,  if  improp¬ 
erly  implemented,  the  new  GPS  feature  could  simply  annoy  drivers 
with  repeated  warnings  that  they  were  about  to  deliver  a  package  to 
the  wrong  place— even  when  they  were  on  their  way  to  the  right 
one— and  thus,  over  time,  train  them  to  ignore  the  feature. 

What  UPS  Did  Right:  Most  importantly,  UPS  took  its  time.  No 
stranger  to  long  implementation  cycles,  UPS  had  the  new  DIAD  in 
development  and  testing  for  18  months.  The  goal  was  to  fine-tune  the 
system  to  get  the  most  benefit  without  overwhelming  drivers.  “We’re 
not  pressed  to  do  this  stuff  quickly,”  UPS  Systems  Manager  Roy  Lan- 
craft  says.  But  even  after  18  months,  Lancraft  says  the  company  is  still 
looking  to  acquire  more  data  about  how  people  will  work  with  the 
machine  through  in-the-field  testing.  “The  damage  you  can  cause  by 
trying  to  put  it  out  quickly  can  take  many,  many  months  to  correct,” 
Lancraft  says. 

The  Lesson:  Take  your  time,  and  get  employees  involved  in  the 
process  as  early  as  possible.  That  can  prevent  more  serious  prob¬ 
lems  later. 


Sweatshops  Without  f  f  lid 

Monitoring  and  tracking  technologies  change  working  conditions.  And  that  means  your 
contract  with  your  employees  may  have  to  change  too. 


Implementing  new  monitoring  technolo¬ 
gies  without  employee  input  could  put  you 
on  the  wrong  side  of  your  employees' 
union— not  to  mention  the  law. 

Union  contracts  often  include  clauses  that 
trigger  new  negotiations  on  the  basic  collec¬ 
tive  bargaining  agreement  when  companies 
make  significant  changes  to  the  work  envi¬ 
ronment.  And  technologies  such  as  GPS, 
video  monitoring  and  RFID  can  be  inter¬ 
preted  as  significant  changes.  “A  unionized 
employer  has  a  legal  obligation  to  discuss 
with  unions  changes  in  working  conditions,” 
says  Lewis  Maltby,  president  of  the  National 
Workrights  Institute,  a  nonprofit  research 


and  education  group.  “[GPS]  is  clearly  a 
subject  for  bargaining.”  UPS,  for  example, 
included  the  subject  of  GPS  in  its  last  round 
of  negotiations  with  its  employees’  union. 

Maltby  says  his  group  has  done  a  prelim¬ 
inary  legal  analysis  specifically  on  the  GPS 
issue  and  found  that  employers  have  wide 
(but  finite)  leeway.  “There’s  nothing  stop¬ 
ping  a  trucking  company  from  keeping 
track  of  where  their  trucks  are;  they’d  be 
crazy  not  to,”  Maltby  says.  But,  “employers 
who  insist  that  employees  carry  GPS  sys¬ 
tems  24/7  are  asking  for  a  lawsuit.” 

Employers  also  need  to  be  careful  that 
these  new  technologies  don’t  get  used  for 


illicit  purposes.  "That’s  another  piece  of 
it— the  potential  for  blackmail  from  other 
employees,"  says  Frederick  Lane,  an  attor¬ 
ney  and  author  of  The  Naked  Employee, 
which  discusses  the  deterioration  of 
employee  privacy  rights.  Lane  says  that 
the  risk  of  such  problems  is  especially  high 
if  monitoring  is  done  without  employee 
knowledge.  “That’s  one  of  the  problems 
with  hidden  surveillance,”  he  says.  “It 
appeals  to  our  prurient  interests,  and 
some  people  are  going  to  misuse  it.” 

The  Lesson:  When  new  technologies 
involve  privacy  issues,  be  sure  to  check 
with  the  lawyers— and  the  unions.  -C.L 


68 


MAY  15,  2005  |  www.cio.com 


The  Big  Broth efP(MW(Wju  The  more  you  watch  them,  the  less  they  do 


Employers  increasingly  view  employee  monitoring  technologies  in  terms 
of  the  benefits  they’re  believed  to  provide  in  increased  productivity  and 
reduced  opportunity  for  theft  and  other  sorts  of  mischief. 

But  David  Zweig,  professor  of  organizational  behavior  and 
human  resource  management  at  the  University  of  Toronto  and 
author  of  a  recent  study  on  employee  reactions  to  “awareness  sys¬ 
tems"  designed  to  monitor  their  behavior,  notes  that  the  feeiing  of 
constantly  being  watched  can  be  shown  to  reduce  productivity.  And 
the  employee’s  feeling  of  being  left  out  of  the  decision-making 
process  can  create  a  “transactional  relationship’’  in  which  workers 
do  exactly  what  they’re  paid  to  do— and  no  more.  In  the  worst 
cases,  employees  may  devote  their  time,  energy  and  creativity  to 
finding  ways  to  circumvent  the  technology,  Zweig  says,  A  case  in 
point:  Two  Boston-area  snowplow  operators  were  charged  in  March 
with  defrauding  the  city  by  tricking  the  GPS  tracking  system,  mak¬ 


ing  it  look  as  if  they  were  working  on  their  city-contracted  projects 
when  in  fact  they  were  plowing  for  their  private  customers.  Their 
alleged  techniques  were  not  high-tech  but  they  were  clever:  For 
instance,  a  driver  would  carry  two  tracking  devices  in  his  truck, 
making  it  iook  like  both  a  plow  and  a  sanding  vehicle  were  working 
a  road  when  only  one  of  them  was  on  the  job. 

Companies  must  also  temper  any  urge  to  monitor  human  workers 
the  way  they  would  a  cog  in  the  supply  chain.  “Truck  drivers  aren’t 
machines.  And  if  it’s  the  middle  of  August,  and  it’s  105  in  the  shade,  a 
truck  driver  might  stop  for  five  minutes  at  the  7-Eleven  for  a  glass  of 
iced  tea,”  says  Lewis  Maltby,  president  of  the  National  Workrights 
Institute,  a  nonprofit  research  and  education  group.  “If  you’re  con¬ 
stantly  being  called  on  the  carpet  because  you  stopped  to  get  a  drink 
on  a  hot  day,  the  stress  is  going  to  eat  you  alive.” 

The  Lesson:  Employees  are  human.  Treat  them  that  way,  -C.L 


Post-Implementation: 

- — }f  Add  Incentives 

The  Business  Case:  Del-Air,  a  Florida  heating,  ventilation  and  air 
conditioning  contractor,  needed  a  better  way  to  track  its  more  than  400 
technicians  on  their  various  jobs.  In  January  2004,  the  company  dis¬ 
tributed  GPS-enabled  cell  phones  with  a  time-tracking  application. 
Employees  now  punch  in  using  their  phones.  The  application  logs  both 
their  location  and  the  time  they  signed  in. 

The  Employee  Concern:  Increased  micromanagement  of  employ¬ 
ees’  activities  would  rob  their  freedom  and  add  stress  to  their  jobs. 
What  Del-Air  Did  Right:  It  linked  its  new  technology  to  its 
bonus  system.  Del -Air  technicians  are  rewarded  for  completing  their 
work  quickly.  But  when  time  sheets  came  back  on  paper,  nobody 
knew  if  the  company  was  getting  legitimate  data.  That  uncertainty 
made  it  difficult  for  employees  to  trust  that  the  bonus  system  was  fair. 
Now,  Del-Air  CIO  John  Rucker  says  the  workers  accept  that  the  play¬ 
ing  field  is  level.  “When  they  pass  out  the  incentive  checks,”  Rucker 
says,  “everybody  knows  who  the  big  hitter  was.  If  the  employee  is  effi¬ 
cient  with  his  time,  there’s  a  better  than  average  chance  they’ll  get  a 
bonus.”  And  Rucker  believes  that’s  helped  Del-Air  keep  its  best  employ¬ 
ees.  Better  yet,  the  information  can  help  Del-Air  identify  employees 
who  could  benefit  from  additional  training. 

Del -Air  learned  from  a  previous  experience 
with  a  GPS  tracking  system  that  it  launched 
about  five  years  ago.  “After  a  short  period  of 
orientation— 30  to  45  days— we  essentially 
stopped  promoting  the  benefits  of  the  tech¬ 
nology,”  Rucker  says.  And  how  did  that  work 
out?  “We  lost  almost  20  percent  of  our  techs  in 
a  rather  short  period,”  says  Rucker. 

The  Lesson:  Carrots  work  better  than  sticks. 


Post-Implementation: 

- - 1  Grant  an  Amnesty  Period 

The  Business  Case:  To  end  the  practice  of  employees  doing  favors 
for  each  other  by  punching  each  other  out  on  the  time  clock  (making 
it  difficult  to  schedule  work),  Air  Canada  installed  a  secret  camera. 
The  Employee  Reaction:  Outraged  that  they  were  being  spied 
upon,  the  workers  struck  earlier  this  year. 

What  Air  Canada  Did  Wrong:  They  implemented  the  system 
without  telling  their  employees,  thereby  playing  “gotcha.”  They  com¬ 
pounded  that  mistake  by  firing  the  employees  they  caught. 

What  Air  Canada  Should  Have  Done:  David  Zweig,  professor 
of  organizational  behavior  and  human  resource  management  at  the 
University  of  Toronto,  says  the  problems  at  Air  Canada  might  have 
been  resolved  through  communication  and  training.  Air  Canada,  he 
suggests,  should  have  told  its  employees  that  the  old  practice  of  clock¬ 
ing  out  for  buddies  would  no  longer  be  tolerated— and  that  in  order  to 
end  that  behavior,  the  airline  was  installing  cameras  in  the  maintenance 
facility.  Management  should  have  opened  a  dialogue  discussing  why  the 
practice  was  occurring  in  the  first  place.  An  amnesty  period  after 
installing  the  cameras  might  have  defused  the  rancor  that  led  to  the 
strike,  Zweig  says.  (Air  Canada  ultimately  did  reinstate  the  fired  work¬ 
ers  and  open  discussions  with  the  union— but 
only  after  the  damage  had  been  done.) 

The  Lesson:  A  hidden  camera  should  be  a 
last  resort,  not  the  first.  “The  first  reaction 
for  organizations  is  that  monitoring  is  an 
easy  out,”  says  Zweig.  “Other  options  can  take 
a  lot  more  time  and  a  lot  more  trust.”  Pin 


Technology  Editor  Christopher  Lindquist  can  be 
reached  at  clindquist@cio.com. 


Ask  the  Expert 


David  Zweig,  professor  of  organizational  behav¬ 
ior  and  human  resource  management  at  the 
University  of  Toronto,  says  Air  Canada  should 
have  told  its  maintenance  facility  employees 
that  it  was  installing  cameras.  Need  a  little 
advice  BEFORE  YOUR  IMPLEMENTATION 
TURNS  SOUR?  Zweig  is  on  hand  to  answer 
your  questions.  Go  to  www.cio.com/expert. 

cio.com 


www.cio.com  |  MAY  15,  2005 


6  9 


Ws  OK  to  show  off  to  your  friends 
that  you  were  in  CIO. 


But  it’s  even  better  to 
show  your  customers. 


What  better  way  to  inform  your  key  customers 
of  your  editorial  coverage  in  CIO  than  through 
customized  Editorial  Reprints? 


/ 


j  $ 


Leverage  the  positive  impact  of  your  editorial 
coverage  by  using  reprints  for  direct  mail 
campaigns,  seminar  promotions,  employee 
communications,  recruiting  and  marketing  pro¬ 
grams.  Let  us  enhance  your  reprints  with  your  company’s  logo, 
address,  and  sales  message.  Reprints  make  great  SALES  tools  for 
trade  shows,  mailings  or  media  kits. 


And  while  a  framed  copy  of  your 
article  will  look  neat  on  your  wall,  it 
will  look  even  better  in  the  hands  of 
your  customers. 


The  Resource 
for  Information 
Executives 


P  mRS 


Ancillary 

Revenue 

Services 


| MANAGED  REPRINT  PROGRAMS | 


For  more  information  on  customized  editorial  reprints  in  volume  quantities, 
contact  Jesse  Levy  at  212.221.9595  xl23  or  email  jesse@parsintl.com. 
Website:  www.magreprints.com/quickquote.asp 


ILLUSTRATIONS  BY  BRIAN  RASZKA 


ESSENTIAL 


FROM  INCEPTION  TO  IMPLEMENTATION- 1. T.  THAT  MATTERS 


' 


i 


End  user 
developers  are 
everywhere. 
The  key  is  getting 
them  to  work 
for  you. 


Making  It  on  Their  Own 

BY  MEGAN  SANTOSUS 

DEVELOPMENT  |  Know  any  end  users  at  your  organization  who  create  their  own  macros 
with  Excel?  What  about  folks  who  keep  website  content  fresh  by  themselves  instead  of  rely¬ 
ing  on  someone  in  IT?  If  that’s  the  case,  then  your  organization  is  among  the  legions  that  are 
home  to  end  user  developers. 

Such  developers  often  spring  up  from  necessity:  Employees  without  IT  training  increasingly 
need  to  access  and  manipulate  data,  yet  they  no  longer  want  to  wait  for  IT  to  provide  the  tools. 
For  their  part,  IT  people  have  better  things  to  do  than  to  constantly  re-tweak  database 
queries,  reformat  reports  or  fine-tune  business  rules.  Now  a  variety  of  end  user  development 
tools  old  and  new  promise  to  help  both  sides. 

But  before  you  ask  your  end  users  to  take  development  into  their  own  hands  (or  look 
to  stamp  it  out  as  a  scourge),  there  are  issues  to  address,  both  technical  and  political. 
Tossed  unceremoniously  into  their  laps,  end  users  may  resent  the  extra  work  development 
entails.  And  for  IT,  putting  tools  into  the  hands  of  end  users  can  result  in  problems  with 
data  quality,  access,  security  and  more.  But  handled  effectively,  end  user  development  can 
lead  to  happier  lives  for  both  users  and  the  IT  people  who  support  them. 


www.cio.com  |  MAY  15,  2005 


71 


essential  technology 


Developers  Everywhere 

Margaret  M.  Burnett,  a  professor  of  com¬ 
puter  science  at  Oregon  State  University, 
defines  end  user  developers  as  “end  users 
who  create  or  customize  some  kind  of  soft¬ 
ware  so  that  it  works  on  unanticipated 
inputs.”  Classic  examples  include  end  user 
created  spreadsheets,  but  other  applications 
fall  into  the  category,  including  e-mail  filter¬ 
ing  and  Web-based  tools  such  as  wikis  and 
content  management.  Burnett  says  more  end 
users  than  ever  are  developing  software,  and 
the  data  that  those  end  user  programs  touch 
is  becoming  mission-critical. 

But  rather  than  being  something  to  fear, 
end  user  development  can  be  a  worthy 
goal— if  properly  approached.  “End  users 
should  not  only  be  allowed  to  develop  their 
own  software  but  be  encouraged  to  do  so,” 


ever.  To  maintain  good  feelings  all  around, 
IT  should  also  suggest  a  suitable  alterna¬ 
tive  whenever  possible. 

Easy  Does  It 

It’s  also  essential  to  keep  things  as  simple  as 
possible.  Errors  are  a  fact  of  life  in  applica¬ 
tion  creation,  but  they  can  become  a  much 
larger  problem  in  the  relatively  uncon¬ 
trolled  world  of  end  user  development, 
(for  instance,  various  reports  have  shown 
that  30  percent  or  more  of  all  spreadsheets 
have  errors.)  To  reduce  mistakes,  it’s  essen¬ 
tial  to  have  an  intuitive  user  interface.  In 
end  user  development  circles,  typical  inter¬ 
faces  include  “natural-language”  program¬ 
ming  based  on  familiar  syntax  (such  as 
“profit=revenue- costs”)  or  drag-and-drop 
and  pull-down  menu  approaches.  At  Romeo 


Errors  are  a  fact  of  life  in  application 
creation,  but  they  can  become  a 
much  larger  problem  in  the  relatively 
uncontrolled  world  of  end  user 
development. 


says  Shawn  O’Rourke,  CIO  at  the  National 
Council  on  Compensation  Insurance  (NCCI), 
a  workers’  compensation  information  com¬ 
pany.  At  NCCI,  IT  determines  the  tool  set 
standard  (Microsoft’s  Office  Suite  in  its 
case)  and  provides  the  necessary  training 
to  users.  For  the  most  part,  NCCI’k  users 
rely  on  Excel  spreadsheets  and  Access  data¬ 
bases  to  manipulate  information,  including 
aggregating  data  on  the  fly  for  ad  hoc  cus¬ 
tomer  inquiries  about  emerging  compensa¬ 
tion  trends.  Yet  O’Rourke  says  the  effort  to 
maintain  a  good  end  user  to  IT  balance  is 
ongoing.  For  example,  a  user  may  be  a  whiz 
at  using  a  particular  Linux-based  analysis 
tool  at  home  and  think  it  would  make  a  per¬ 
fect  addition  to  Excel.  Yet  NCCI  as  an 
organization  doesn’t  support  Linux,  so 
O’Rourke  would  quell  any  effort  to  intro¬ 
duce  the  idea.  O’Rourke  says  it’s  not  enough 
for  IT  to  reject  tools  and  explain  why,  how- 


Equipment,  a  provider  of  heavy  construc¬ 
tion  machinery,  CFO  Craig  Burkert  uses 
Quantrix  Modeler,  a  quantitative  modeling 
software,  to  create  financial  reports.  About 
a  year  ago,  intrigued  by  its  capabilities  to 
use  natural  language  programming  to  write 
financial  formulas,  Burkert  began  playing 
around  with  the  software.  Burkert  says  he 
now  creates  models  that  are  less  error- 
prone  than  when  he  used  Excel. 

Burkert  uses  Romeo’s  intranet  to  post 
financial  reports  for  regional  managers  based 
on  models  he  creates  with  the  Quantrix  soft¬ 
ware— in  the  process,  highlighting  data  that 
wouldn’t  jump  off  the  screen  with  Excel.  For 
example,  a  manager  may  notice  an  increase  in 
freight  expenses  for  January  that  normally 
might  not  garner  much  attention.  But  if  that 
increase  reflects  a  change  in  policy,  Burkert 
can  easily  throw  a  spotlight  on  the  trends. 
Regional  managers  also  have  secure  access 


Eliminating 
User  Error 

When  it  comes  to  ensuring  that  software 
developed  by  end  users  is  reliable,  CIOs 
have  two  strategies,  according  to  Margaret 
Burnett,  a  professor  of  computer  science  at 
Oregon  State  University  and  project  director 
at  a  research  consortium  called  EUSES  (for 
end  users  shaping  effective  software). 

First,  CIOs  can  take  advantage  of  human 
nature  by  appealing  to  people's  inherent 
need  for  social  regard.  As  Burnett  sees  it, 
end  users  who  work  on  software  develop¬ 
ment  collaboratively  rather  than  in  isolation 
tend  to  instinctively  produce  a  better  prod¬ 
uct,  with  the  idea  that  doing  so  will  earn 
them  the  esteem  of  their  peers. 

Mary  Beth  Rosson,  a  professor  of  infor¬ 
mation  sciences  and  technology  at  Penn¬ 
sylvania  State  University  and  a  EUSES 
colleague  of  Burnett,  concurs  that  there's  a 
huge  psychological  component  to  good  end 
user  development  practices,  and  notes  that 
making  the  debugging  and  testing  process 
more  enjoyable  is  another  approach  that 
can  yield  positive  results.  ‘There  should  be 
emphasis  on  making  the  activities  of  pro¬ 
gramming  and  debugging  more  fun  for  the 
nonsophisticated  user,"  Rosson  says.  She 
highlights  that  games  and  adding  a  sense  of 
competition  to  the  process  are  just  a  couple 
of  techniques  that  can  increase  user  motiva¬ 
tion  to  find  and  correct  errors.  For  example, 
EUSES  researchers  are  working  on  a  tech¬ 
nique  called  WYSIWYT  (for  what  you  see 
is  what  you  test),  a  system  that  color  codes 
the  cells  of  spreadsheets  based  on  whether 
the  end  user  has  tested  the  formulas  in  those 
cells.  As  an  end  user  developer  tests  formu¬ 
las,  the  cells  in  question  turn  from  red  to 
blue.  According  to  Burnett,  the  unobtrusive 
nature  of  the  WYSIWYT  approach  is  one 
of  the  most  effective  ways  to  entice  end 
users  to  find  and  correct  errors  in  their 
own  software  programs.  -M.S. 


72 


MAY  15,  2005  |  www.cio.com 


JUST  BECAUSE  THE  SYSTEM  IS  DOWN 
DOESN’T  MEAN  THE  PEOPLE  USING  IT  SHOULD  BE. 


Constant,  uninterrupted  access  to  critical  data,  systems  and  people.  Even  when  something  goes  wrong.  That's  Information  Availability.  And  one  of  the 
best  ways  to  virtually  guarantee  Information  Availability  is  by  running  your  production  systems  out  of  our  facilities.  You  manage  your  applications  and 
data  while  SunGard  Availability  Services  helps  to  ensure  that  the  infrastructure  and  technical  support  you  need  is  always  on.  SunGard  can  offer  a  secure 
and  scalable  environment  at  a  lower  operational  cost  for  production.  Plus  we  have  over  60  state-of-the-art  hardened  facilities  with  network, 
power  and  equipment  redundancies  that  are  unparalleled.  For  a  free  copy  of  the  IDC  White  SUNGARD 
Paper:  “Ensuring  Information  Availability”  visit  www.availability.sungard.com/idcwp.  Availability  Services 


Keeping  People 
and  Information 
Connected 


essential  technology 


! 


i 


to  the  appropriate  models  and  can  manipu¬ 
late  the  data  themselves  using  familiar  terms 
such  as  “gross  revenue.”  With  Excel,  Burk- 
ert  had  to  create  multiple  spreadsheets  for 
each  region  and  time  period,  an  unwieldy 
process  that  invited  errors.  In  addition,  says 
Burkert,  spreadsheets  created  by  one  person 
aren’t  necessarily  intuitive  for  others  to  use.  A 
tool  such  as  Quantrix,  which  allows  regional 
managers  to  manipulate  their  own  views  of 
the  data,  is  a  big  improvement. 

Burkert  admits  that  getting  up  to  speed 
with  the  software  took  some  work  on  his  end, 
and  training  managers  at  the  company  to 
become  adept  themselves  requires  an  ongo¬ 
ing  commitment.  “Most  people  tend  to  be 
comfortable  with  the  applications  that  they 
use,  such  as  Excel,  so  don’t  underestimate  the 


from  product  development  to  clinical  diag¬ 
nostics,  according  to  John  McNeil,  vice  pres¬ 
ident  of  informatics.  The  object-oriented 
design  of  the  software  isn’t  something  that 
McNeil  himself  would  have  built  from  scratch 
because  it’s  not  relational  technology.  Yet 
the  code  reuse  that  QuickBase  provides  end 
users  has  allowed  a  high  quality  of  pro¬ 
gramming  that  McNeil  finds  impressive. 

Required  Writing 

As  McNeil  and  others  see  it,  end  user  devel¬ 
opment,  when  done  right,  bridges  the  gap 
between  what  end  users  want  and  what  IT 
ultimately  delivers.  More  often  than  not, 
this  gap  rears  its  head  from  the  start  in  the 
requirements  phase  of  projects.  “Gather¬ 
ing  requirements— getting  them  right— is 


End  user  development,  when 
done  right,  bridges  the  gap 
between  what  end  users  want 
and  what  IT  ultimately  delivers. 


effort  it  will  take  to  introduce  [a  new  tool],”  he 
says.  As  for  Romeo’s  IT  department,  Burkert 
says  they  evaluated  the  software  for  its  per¬ 
formance  and  the  quality  of  its  code,  but  left 
to  him  the  final  decision  about  Quantrix’s 
overall  usefulness. 

That  kind  of  partnership  is  ideal  for  end 
user  development  tools.  While  CIOs  such 
as  O’Rourke  say  it’s  important  to  evaluate 
all  tools  in  the  context  of  an  organization’s 
overall  IT  architecture,  it’s  often  the  end 
users  who  first  try  a  tool  and  then  bring  it 
to  the  attention  of  IT.  The  use  of  end  user 
development  tools  “grows  organically  at 
an  organization,”  O’Rourke  says.  “It  takes 
a  lot  of  interaction  back  and  forth  between 
IT  and  the  business  to  see  that  they  are 
deployed  effectively.” 

That’s  what  happened  at  Isis  Pharma¬ 
ceuticals  when  the  CFO  first  started  playing 
around  with  a  workflow  and  data  sharing 
tool  from  Intuit  called  QuickBase.  Over  time, 
QuickBase  spread  throughout  the  organi¬ 
zation,  and  now,  it  is  used  for  everything 


hard,”  McNeil  says.  “Most  software  projects 
fail  at  that  point,  which  means  in  real  life, 
you  end  up  writing  software  twice.”  End 
user  development  can  certainly  reduce  the 
burden  on  IT,  even  if  end  users  produce  a 
prototype  instead  of  a  working  application. 

Apptero  and  iRise,  for  instance,  offer  soft¬ 
ware  to  help  end  users  mock-up  applications, 
complete  with  a  real  application’s  logic,  look 
and  feel,  and.  functionality.  Through  Web- 
based  (or  mock  Web-based,  in  Apptero’s 
case)  menus  and  icons,  minimally  technical 
end  users  can  create  prototypes  and  then 
send  them  to  IT  for  development.  Such  tools 
can  be  a  big  improvement  over— or  at  least 
an  enhancement  to— inches-thick  require¬ 
ments  documents. 


Keep  Up  Online 


Technology  Editor  Christopher  Lindquist 
scours  the  best  of  what’s  on  the  Web  when  it 
comes  to  emerging  technology.  Read  his  blog, 

TECH  LINKLETTER,  at  www.cio.com. 

cio.com 


A  2002  General 


Accounting  Office 
report  showed 
that  spreadsheet 
errors  at  NASA 
contributed  to 

a  $644M 

fiscal  year 

misstatement 
in  1999. 


Judy  McConnell,  a  senior  business  analyst 
at  health-care  provider  Sentara  Healthcare, 
used  iRise  to  create  a  model  of  an  intranet 
application  to  let  employees  request  reim¬ 
bursement  for  local  travel.  She  says  it  was  a 
big  improvement  over  the  animated  Power¬ 
Point  slides  that  she  previously  employed  to 
collect  requirements,  a  process  that  could  take 
days.  In  a  couple  of  days,  iRise  created  a  work¬ 
ing  prototype  for  McConnell  that  demon¬ 
strated  everything  from  initial  data  entry  to 
sending  a  confirmation  e-mail.  Using  iRise, 
McConnell  could  simulate  any  functionality 
she  wanted,  something  that  proved  critical  to 
the  IT  folks  for  whom  she  built  the  model. 
And  unlike  the  PowerPoint  slides,  McConnell 
could  send  a  working  link  to  others  at  Sentara 
to  try  out  the  model  for  themselves. 

But  there  can  be  a  downside  to  all  this 
simplicity  Tools  such  as  iRise  can  result  in 
unrealistic  expectations  for  end  users  who 
may  want  to  prototype  an  entire  system 
simply  because  they  can,  even  if  that  sys¬ 
tem  isn’t  technically  feasible.  For  example, 
McConnell  used  iRise  to  prototype  an  HR 
portal  that  would  ultimately  require  real¬ 
time  interaction  with  various  PeopleSoft 
systems.  But  she  says  links  with  PeopleSoft 
proved  cumbersome  at  first  (a  situation  that 
was  quickly  resolved,  but  one  that  the  proto¬ 
type  couldn’t  anticipate). 

With  iRise,  as  with  any  tool,  end  users 


should  only  focus  on  the  interfaces  and 
navigation,  and  should  leave  the  back-end 
connections  to  the  experts  in  IT.  But  some¬ 
times  end  users  will  prefer  that  everything 
be  left  to  IT.  As  part  of  the  District  of 
Columbia’s  human  services  modernization 
program,  residents  can  apply  for  health¬ 
care  benefits  via  a  Web-based  application. 
Currently,  developers  hard-code  eligibility 
requirements  into  an  iLog  business  rules 
management  system.  But  eventually,  case 
workers,  social  workers  and  other  non¬ 
technical  personnel  will  be  able  to  change 
specific  eligibility  figures.  So  when,  say,  the 
federal  poverty  income  figure  changes,  it 
will  soon  be  up  to  case  workers  to  make 
that  adjustment.  Donna  Ramos-Johnson, 
associate  director  of  the  modernization  pro¬ 
gram  in  the  office  of  the  chief  technology 
officer,  says  that  developers  will  be  happy 
to  unload  these  maintenance  duties.  End 
users,  on  the  other  hand,  aren’t  thrilled  to  be 
taking  on  the  job,  a  conflict  that  she  admits 
could  become  a  challenge  in  the  future. 

Power  to  the  People 

But  given  ongoing  financial  restraints  in  IT 
and  the  rapid  advancements  in  technology 
that  let  end  users  create  powerful  applica¬ 
tions,  Oregon  State’s  Burnett  and  others  say 
that  end  user  development  activity  will  only 
become  more  prevalent.  One  interesting 
tool  from  a  small  company  called  Agent 
Sheets  even  lets  end  users  interact  with 
Web-based  applications  using  their  voices. 
But  speech  recognition  (perhaps  the  ulti¬ 
mate  example  of  an  intuitive  interface)  is 
not  going  to  factor  into  wide-scale  end 
user  development  efforts  for  a  while.  Yet 
as  Burnett  of  Oregon  State  says,  that  doesn’t 
matter.  End  users  will  continue  to  develop 
their  own  software  applications,  and  do  so 
in  increasing  numbers.  CIOs  and  their  IT 
departments  had  better  get  used  to  the 
idea.  Better  yet,  says  Burnett,  CIOs  should 
learn  to  take  advantage  of  end  users’  do-it- 
themselves  tendencies  by  helping  them 
help  themselves. 


Megan  Santosus  is  a  freelance  writer.  Send 
comments  on  this  article  to  ctindquist@cio.com. 


Silicon  Salvation 

SILICON  |  Waste  is  one  of  the  biggest  enemies  for  any  computer  chip  manufacturer.  Every 
piece  of  silicon  scrapped  because  it  doesn’t  quite  reach  the  perfectionist  goals  of  its  maker 
increases  costs  and  reduces  profit  potential.  But  research  at  the  University  of  Southern  Cali¬ 
fornia  may  one  day  give  chip  makers  a  chance  to  turn  processors  that  would  be  thrown  away 
today  into  productive  silicon  tomorrow. 

Melvin  Breuer,  an  electrical  engineering  professor  at  USC’s  Viterbi  School  of  Engineering, 
says  that  research  at  the  university  may  eventually  let  chip  manufacturers  take  not-quite- 
perfect  products  and  sell  them  for  other  purposes  in  which  any  flaws  would  go  unnoticed. 

The  core  of  the  research— led  by  Breuer,  Viterbi  professor  S.K.  Gupta  and  others  at  the 
school— revolves  around  innovative  testing  techniques  that  would  let  manufacturers  effi¬ 
ciently  identify  flaws  on  a  processor  and  determine  if  those  specific  flaws  would  result  in 
errors  for  various  types  of  applications. 

"Assuming  an  average  yield  of  50  percent,  the  digital  [integrated  circuit]  industry  scraps 
about  50  percent  of  their  product,”  Breuer  says.  "What  if  10  percent  to  40  percent  of  this 
scrap  gave  acceptable  performance  for  some  applications— like  in  video  cards  used  in 
games,  .jpeg  and  .mpeg  compression  used  in  digitizing  and  transmitting  images,  chips 
that  carry  out  speech  analysis  and  translation,  digital  cameras  and  so  on?” 

Technical  and  political  hurdles  remain,  of  course  (such  as  convincing  chip  manufacturers 
that  selling  flawed  chips  won’t  damage  their  reputations).  But  Breuer  notes  that  early  suc¬ 
cess  in  his  research  has  started  to  get  the  attention  of  the  industry,  with  one  manufacturer 
donating  a  collection  of  1,000  flawed  chips  for  testing  purposes.  And  where  he  had  trouble 
getting  any  attention  for  his  work  nine  years  ago,  he  now  has  a  number  of  financial  backers, 
including  the  National  Science  Foundation  and  other  industry  sources.  The  technology  isn’t 
a  guaranteed  winner  yet.  But  if  the  research  does  lead  to  usable  techniques,  "the  impact  will 
be  in  the  billions  of  dollars,”  Breuer  says.  -Christopher  Lindquist 


www.cio.com  |  MAY  15.  2005 


75 


essential  technology 


Smart  Services 
Bundle 

Rearden  Commerce  demonstrates 
the  promise  of  software  as  a  service 


BY  ERIC  KNORR 

HOSTED  SOFTWARE  |  If  I  had  any 

doubts  about  the  momentous  shift  from 
packaged  software  to  software  as  a  service, 
Patrick  Grady,  CEO  of  Rearden  Commerce, 
dispelled  them.  Rearden’s  first  offering, 
Employee  Business  Services  (EBS),  is  a  new 
class  of  application  that  couldn’t  exist  unless 
it  was  hosted  by  the  provider, 

Grady  first  described  EBS  to  me  in  Janu¬ 
ary,  when  Rearden  was  ending  five  years  of 
istealth  mode.  He  called  EBS  “Hailstorm  on 
a  Java  platform,”  a  reference  to  Microsoft’s 
failure  to  evolve  Passport  into  a  hosted  iden¬ 
tity  service.  Hailstorm  initially  targeted 
consumers,  but  EBS  goes  after  business 
and  adds  two  things  that  Microsoft  never 
proposed:  an  on-demand  marketplace  of 
business  services  and  a  hosted  enterprise 
application  to  control  and  analyze  the  pur¬ 
chase  of  those  services  by  employees.  (These 
features  were  hook  enough  for  Rearden  to 
catch  several  early  customers— including 
Whirlpool  and  Motorola.) 

EBS  draws  a  circle  around  a  huge  area  of 
business  spending  in  which  enterprise  soft¬ 
ware  has  failed  to  gain  traction— travel, 
shipping,  teleconferencing,  and  meals  and 
entertainment— and  provides  a  means  for 
ordering  those  services  according  to  indi¬ 
vidual  preferences  and  company  policy.  The 
back  end  of  Rearden’s  platform  is  a  services 
“grid,”  in  which  providers  from  DHL  to 
OpenTable.com  plug  in  via  Web  services. 

EBS  is  customized  to  each  user  by  default. 


First,  management  must  rationalize  its 
policies  and  procedures  for  services  pro¬ 
curement.  Then,  a  policy  or  procurement 
manager  uses  the  EBS  interface  to  enter 
those  company  policies  and  workflows  for 
groups  of  users  within  the  organization. 

A  Java-based,  event-driven  service- 
oriented  architecture  (SOA)  then  breaks 
business  processes  into  a  set  of  reusable  Web 
services.  According  to  Grady,  much  of  the 
effort  creating  EBS  involved  isolating  a  set  of 
80  common  denominator  business  services 
attributes  as  well  as  creating  Services  Busi¬ 
ness  Language  (SBL),  an  orchestration  lan¬ 
guage  cooked  up  primarily  by  Satnam  Afag, 
Rearden’s  chief  architect,  and  his  team. 

Alag  has  an  interesting  answer  as  to  why 
Rearden  didn’t  use  Business  Process  Exe¬ 
cution  Language  (BPEL),  which  most  of  the 
industry  seems  to  have  endorsed  for  Web 
services  orchestration:  “BPEL  doesn’t  really 
make  sense  within  an  on-demand,  internal 
services  orchestration.”  For  one  thing,  in  the 
contained  environment  of  EBS,  he  doesn’t 
have  to  worry  about  orchestrating  services 
across  a  ragtag  infrastructure  of  legacy  sys¬ 
tems,  as  BPEL  was  designed  to  do.  “The 
moment  you  simplify  the  problem  a  little  bit 
in  terms  of  an  on-demand  infrastructure, 
the  problem  gets  a  lot  more  manageable  and 
more  scalable,”  Alag  says. 

The  benefit  for  customers  is  theoretically 
huge.  Instead  of  filling  in  shipping  labels  or 
making  phone  reservations  (and  following 


Employee 
Business 
Services  draws 
a  circle  around 
a  huge  area 
of  business 
spending  in 
which  enterprise 
software  has 
failed  to  gain 
traction. 

company  policy  on  such  expenses  if  they 
feel  like  it  or  remember  it),  business  users 
fill  in  Web  forms  and  choose  from  preferred 
providers.  Grady  estimates  that  the  savings 
in  hard  costs  should  run  up  to  20  percent 
and  that  the  elimination  of  manual  proce¬ 
dures  should  save  much  more.  And  because 
Rearden  runs  one  huge  instance  of  EBS  with 
many  accounts  across  a  virtualized  infra¬ 
structure,  every  time  the  company  adds  a 
service  provider,  it  becomes  instantly  avail¬ 
able  to  all  customers. 

It’s  stunning  to  see  so  much  of  the  poten¬ 
tial  of  Web  services  rolled  into  one  offering: 
software  as  a  service,  B2B  transactions  over 
the  Internet,  mass  customization,  a  thor¬ 
oughly  componentized  application  infra¬ 
structure  and  a  HailStorm-like  paradigm 
that  puts  the  user  first.  Rearden  may  or  may 
not  succeed  as  a  business,  but  it’s  already 
broken  more  new  ground  in  one  place  than 
I’ve  seen  in  a  long,  long  time. 


Eric  Knorr  is  executive  editor  at  large  for  InfoWorld. 
He  can  be  reached  at  eknorr@pacbell.net. 


76 


MAY  15,  2005  |  www.cio.com 


Middleware  is  Everywhere 


Can  you  see  it? 


JBM,  the  IBM  logo,  WebSphere  and  the  On  Demand  logo  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United 
States  and/or  other  countries.  ©2005  IBM  Corporation.  All  rights  reserved. 


J|P 

HP 

WebSphere 

MIDDLEWARE  IS  IBM  SOFTWARE.  Powerful 

WebSphere  software.  For  an  integrated  IT  environment 
that  makes  your  business  more  flexible.  WebSphere 
delivers  a  secure,  scalable  platform.  Enabling  a  service- 
oriented  architecture.  So  your  business  can  respond 
faster.  More  efficiently.  To  partners,  vendors  and  customers. 
With  no  ripping.  No  replacing.  No  headaches.  No  kidding. 

1.  Deductible  viewed  quickly. 

2.  Claim  info  filed  accurately. 

3.  Vendor  receives  complete  data. 

4.  Quotes  researched  easily. 

5.  Great  service  boosts  policy  sales. 

Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/flexible  ^3  BUSINESS 

.. ■■■  IE?  &  5 

FROM  THE  PUBLISHER 


THE  RESOURCE  FOR  INFORMATION  EXECUTIVES 


Blog  Away 

Blogs  are  gaining  popularity  as  a  way  to  get  and 
disseminate  information.  But  beware  the  blogger’s 
motives  and  lack  of  professionalism. 

Blogs  are  public  journals  on  the  Web  in 

which  writers  informally  post  their  thoughts, 
comments  and  philosophies. 

Consider  this  column  my  blog  about  blogs 
summed  up  in  three  words:  blah,  blah,  blah! 

For  most  technology  professionals,  the  one  com¬ 
modity  they  can’t  afford  to  waste  is  time.  And  in  my 
opinion,  most  blogs  are,  indeed,  a  waste  of  time. 

Many  of  us  read  blogs  and  contribute  to  blogs 
ourselves.  If  you  frequent  blogs,  I  caution  you  to 
weigh  the  contents  carefully.  It  might  be  useful,  for  instance,  to  try  to  determine 
why  the  person  has  created  the  blog.  Does  it  support  the  blogger’s  self-interest  or 
livelihood  in  some  way?  And  then,  there  are  quality  issues.  Does  the  author 
seem  knowledgeable?  Is  the  site  frequently  updated  by  the  author?  And  per¬ 
haps  most  important,  is  the  blog  edited? 

By  their  makeup,  most  blogs  are  not  edited,  nor  are  they  written  by  professional 
journalists.  Not  that  professional  journalists  are  100  percent  accurate.  But  the  edit¬ 
ing  process  weeds  out  most  of  the  biased,  incorrect  information.  For  the  record: 
CIO  offers  blogs  on  our  website  (see  them  at  www.cio.com/blogs).  However,  the 
bloggers  are  CIO  journalists,  and  our  blogs  are  edited  before  they  appear  online. 

Technology  bloggers  see  themselves  as  the  voice  of  the  customer,  a  counter¬ 
balance  to  corporate  websites.  They  may  have  a  point:  Have  you  ever  down¬ 
loaded  a  white  paper  from  a  vendor’s  website  that  posed  negative  questions 
about  the  vendor?  Besides,  corporations  are  now  blogging  themselves.  (One  ad 
agency  offers  a  “starter  kit”  to  businesses  interested  in  starting,  monitoring  and 
advertising  their  wares  on  corporate  blogs.) 

Be  careful,  too,  about  fellow  bloggers.  Some  organizations  hire  people  with 
expertise  in  a  particular  area  to  lurk  on  blogs.  These  stealth  bloggers  hang  out 
until  they  are  viewed  as  trusted  contributors.  Then,  they  “mention”  a  product 
they  have  just  “tried,”  never  overtly  endorsing  the  product. 

The  final  word  about  blogs?  Trust.  Continue  blogging  if  you  trust  the  blogger, 
its  content  and  its  members.  If  you  don’t,  don’t  waste  your  time. 


president  and  ceo  Walter  Manninen 
editorial  director  Lew  McCreary 
publisher  Gary  J.  Beach 


'■A 

ft 

a 


i 


I 


CXO  MEDIA 

CIRCULATION 

svp,  circulation  Carol  A.  Spach 
circ.  dir.  Faith  Marcello 
subscription  svcs.  supervisor  Tina  Pescaro 

CIO  EXECUTIVE  COUNCIL 

general  manager  Mark  Hall 
executive  director  of  content  Richard  Pastore 
director  of  program  Shaw  Lively 
dir.,  external  relations  Karen  Fogerty 
DIR.,  PROGRAM  DEVELOPMENT  David  Lien 

marketing  communications  manager  Jennifer  Baker 
member  services  managers  Bill  Golden,  Carrie  Mathews 
program  managers  Mincy  Hogan,  Jennifer  Riley, 
Steve  Rovniak,  Stacy  Sudan,  Greg  Szumowski 
operations  specialist  Lisa  Byron 

EXECUTIVE  PROGRAMS 

svp,  executive  programs  Jennifer  Richards 
vp,  conference  mgmt.  Cynthia  Moilus 
director  of  marketing  Mary  Cardwell  directors, 
business  development  Chris  Mattoon,  John  Vulopas 
dir.,  event  planning  Amy  Turell  conference  manager 
Judith  Kittredge  program  ops.  mgr.  Brian  Fuce 
event  planner  Sarah  Yee  designer  Andrea  Slobogan 

ONLINE  &  INFORMATION  SYSTEMS 

cio  Mark  Hall 

online  e-commerce  mgr.  Andrew  Burrell  online 
production  specialist  Rupal  Patel  online  producers 
Todd  Borglund,  Shannon  MacDonald,  Jennifer  McCarthy 
information  systems  dir.,  i.t.  Dagmar  Eiben 
infrastructure  manager  James  C.  Burgoyne 
user  services  manager  Ron  Bettencourt 
sr.  user  services  specialist  Michael  Fahlsing 
sr.  i.t.  specialist  Jonathan. Frappier 
system  administrator  Robert  Reagan 
user  support  specialist  Gloria  Lam 
sr.  web  developers  Sean  McCracken,  Ellen  Morey 
assoc,  web  developer  Anthony  Servideo 

PRODUCTION 

vp,  manufacturing  Chris  Cuoco 
sr.  production  manager  Lee  Tuttle 
sr.  production  coordinator  Lisa  Stevenson 


< 

x 

o 

CD 

00 


5 

> 

CD 

o 

I — 

o 

X 

CL 


MARKETING 

evp/cmo  Cathy  O'Leary  Hayes 
svp,  news  &  information  Susan  Watson 
program  administrator  Lori  Piscatelli 
publicist  Rick  Sheehy  dir.,  marketing  research 
Bridget  Cammarata  marketing  research  managers 
Carolyn  Johnson,  Dylan  DIGregorio 
sr.  director,  marketing  comm.  Sue  Yanovitch 
sr.  marketing  comm,  specialist  Susan  Maloney 
marketing  comm,  coordinator  Lynn  Holmlund 

ADMINISTRATION 

dir.,  finance  Margarita  Chiango  finance  &  operations 
analyst  Chris  Bernardi  executive  assistant 
to  the  president  Diane  Martin  billing  specialist 
Joyce  Gillis  facilities  speci  alist  John  Kelley 
office  services  coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

vp.  human  resources  Patricia  Chisholm 
human  resources  director  Tanya  Bureau 
sr.  hr  representative  Beth  S.  Ramlstella 


international  data  group 
ceo  Pat  Kenealy 

board  chairman  Patrick  J.  McGovern 

#BPA 


78 


MAY  15,  2005  |  www.cio.com 


Middleware  is  Everywhere 


Wi&:  ■  :<m 

MIDDLEWARE  IS  IBM  SOFTWARE.  IBM  Workplace 
transforms  productivity.  Collaborate  better  with  colleagues, 
partners  and  suppliers  -the  whole  team.  IBM  Workplace 
offers  fast  access  to  critical  information  based  on  your 
role.  With  all  of  the  collaborative  tools  you  need  to  work 
efficiently  in  one  environment,  you  can  make  better,  more 
informed  decisions.  Faster.  It’s  simply  a  better  way  to  work. 

IBM  Workplace 

1.  IMs  stockroom  for  ’01  merlot. 

2.  Conferencing  with  design  partners. 

3.  Orders  from  vendor,  wirelessly. 

4.  Driver  receives  last-minute  order. 

5.  Delivers  orders  quickly,  accurately. 

Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/workplace  DEMAND  BUSINESS 

IBM,  the  IBM  logo,  Workplace  and  the  On  Demand  logo  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United 
States  and/or  other  countries.  ©2005  IBM  Corporation.  All  rights  reserved. 

August  21-23,  2005 
Hotel  del  Coronado 
Coronado,  California 


Bold  executives  play  to  win.  They  stake 
out  new  territory,  foster  innovation  and 
embrace  risk  for  the  sake  of  reward.  Their 
business  strategy  is  founded  on  the  premise 
of  reinvention.  They  embrace  change  and 
expect  challenge  on  their  way  to  creating 
unprecedented  growth  and  value. 

Join  us  at  the  seventh  annual  CIO  lOO 
Symposium  &  Awards  to  hear  from  innova¬ 
tive  leaders  and  industry  experts  who  say 
“Yes,  I  am  Bold!” 

Register  Now. 

Space  is  limited  —  don’t  miss  out! 

800.355.0246  or 
www.  cio.  com/conferences 

Proudly  Underwritten  by: 

irvtel.  Sybase 

X  cinqular 

WIRELESS 


Presented  by: 


The  Resource  for 
Information  Executives 


Session  Highlights 


SPONSORS 


CIO  Roundtable®  Discussion  Groups 

Join  CIO  magazine  editors  and  fellow  CIOs 
as  we  form  small  groups  to  discuss  topics 
suggested  by  your  CIO  peers. 

Designing  the  Future 

Many  sophisticated  companies  are  turning  to 
design  schools  for  a  new  edge.  Discover  how 
you  can  become  a  real  innovator. 

Innovation  in  Customer  Service 

Customer  service  is  downright  crucial  to 
success.  Award-winning  CIOs  talk  about  how 
IT  delivers  cutting-edge  customer  service  at 
their  organizations. 

Building  Innovation  in  IT 

What  makes  some  IT  organizations  adept 
at  innovation?  Is  it  luck,  talent  and 
timing,  or  is  it  an  approach  that  can  be 
learned?  CIOs  share  how  they've  made 
innovation  a  key  part  of  their  organizations. 

A  Global  Community 
Resolves  R&D  Problems 

Companies  such  as  Lilly,  Dow,  BASF,  P&G, 
Rohm  and  Haas  and  DuPont  draw  on  the 
talents  of  the  InnoCentive  global  scientific 
community.  What  are  the  lessons  we  can 
learn  from  its  creation  and  success? 


Leadership:  Great  Ideas  Need 
Great  Execution 

Noted  CIO  columnist  Michael  Schrage  argues 
that  organizations  fall  into  a  trap  when  it 
comes  to  innovation  by  focusing  too  much 
energy  on  the  beginning  of  the  process  and 
not  enough  on  the  details  of  execution.  But 
you  can  avoid  the  trap! 

To  Boldly  Go... The  Future 
of  the  Internet 

What  can  we  do  to  further  the  boom  in 
Internet  innovation  while  managing  the 
forces  that  will  otherwise  throttle  it? 

Support  Innovation  Through 
Business  Processes 

Do  your  business  processes  enable  your 
organization  to  efficiently  develop  products 
and  effectively  manage  the  workflow  or  are 
they  more  apt  to  stifle  innovation? 

A  Primer  on  Promising  Technologies 

What  innovative  technologies  are  really 
cool  —  and  have  real-world  business 
applications?  Savvy  executives  share  their 
thoughts  on  what  we'll  be  buying  —  and  why. 

Balancing  People  and  Priorities 

Our  panel  shares  some  of  the  tools  and  best 
practices  leading  CIOs  use  to  foster  innova¬ 
tion  while  meeting  the  rigorous  demands  for 
productivity  and  efficiency. 


Celebrate  the  2005  CIO  100  Winners  at  the  Gala  Dinner  and  Awards 
Ceremony  Tuesday  evening! 

Join  us  August  21-23, 2005 

Hotel  del  Coronado,  Coronado,  California 

Call  or  visit  800.355.0246  or  www.cio.com/conferences 


^equanf 

FUJITSU 


i  R 1  s  e 


(T>  PRIMAVERA 


SALES  AND  SERVICES 


CIO  SALES  OFFICES 

President  and  CEO 

Walter  Manninen  •  508  935-4101 

Publisher 

Gary  J.  Beach  •  508  935-4202 

Executive  VP  Sales/Custom  Publishing 

Ellen  Romanow  •  508  935-4796 

EAST  COAST 

Senior  Vice  President, 

Sales  and  Integrated  Solutions/East 

Joan  Kelly  •  508  935-4586 

Regional  Sales  Director 

Kathy  Powers  •  201 634-2331 
Regional  Sales  Manager 
Ellie  Schwab -201 634-2332 
District  Sales  Manager 
Andrew  Haney  •  508  988-7863 
Fax  •  508  879-6063 
Account  Executive 
Joan  Bonadeo  •  201 634-2328 
Senior  Sales  Associate 
Rhonda  Goodman  •  201 634-2329 
Fax  •  201 634-9513 

NEW  ENGLAND 

Senior  Vice  President, 

Sales  and  Integrated  Solutions/East 

Joan  Kelly -508  935-4586 
Account  Executive 

Dav/n  Cora  •  508  935-4092 
Fax  •  508  879-6063 

SOUTHCENTRAL 

Regional  Director/Advertising  Sales 

Robert  E.  Sawdon  •  512  306-9801 

Account  Executive 

Brenda  Garza  •  512  306-9801 
Fax  •  512  306-9805 


NORTH  CENTRAL 

Senior  District  Sales  Manager 

Beth  DeVillez  •  847  759-2727 
Advertising  Sales  Associate 

Kim  Giovanni  •  847  759-2728 
Fax  •  847  759-2729 

WEST  COAST 

VP,  Sales  and  Integrated  Solutions/West 

Bob  Melk  •  415-975-2685 

Senior  Regional  Sales  Managers 

Ai  Collins  -415  975-2686 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 

Account  Executive 

Derek  Jung -415  975-2683 
Fax  •  415  543-2358 

Senior  Sales  Associate 

Sara  Mascall  •  415  978-3385 

SOUTHERN  CALIFORNIA 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 

LIST  SERVICES 

List  Services  Director 

Kathryn  A.W.  Marston  •  508  935-4072 

List  Services  Account  Executive 

Stephanie  Roy  •  508  935-4151 

ONLINE  SERVICES 

VP/Online  Sales 

Lisa  Brown  •  508  935-4470 

Western  Online  Sales  Manager 

Jennell  Hicks -415  243-8585 

Online  Account  Executive 

Danielle  Tetreault  •  508  988-6770 


CUSTOM  PUBLISHING 

Group  Director 

Michael  Siggins  •  508  988-6763 
Director  Mary  Gregory  •  508  988-6765 

Director  of  Content  Development  Tom  Field 
Assoc.  Director  of  Content  Development 

Anne  Stuart 

Senior  Project  Manager  Amy  Greenleaf 
Project  Managers 

John  Danielowich,  Jon  Heinrich 

Associate  Project  Manager 

Michelle  Sooknanan 

REPRINT  SERVICES 

For  article  reprints  (500  quantity  or  more), 
please  contact  Jesse  Levy  at  PARS 
International  at  212  221-9595  xl23  or 
via  e-mail  at  jesse@parsintt.com. 

CIO  IS  PUBLISHED  IN  THE 
U.S.  AS  WELL  AS  IN: 

Australia,  CIO  Australia  www.idg.com.au 
Canada,  CIO  Canada  www.lti.on.ca/cio 
China,  CEO  &  CIO  China  www.ceocio.com.cn 
France,  CIO  France  www.idg.fr/cio 
Germany,  CIO  Germany  www.cio.de 
India,  CIO  India  91-80-521-0309/12 
Japan,  CIO  Japan  www.idg.co.jp 
The  Netherlands,  CIO  Netherlands  www.cio.nl 
New  Zealand,  CIO  New  Zealand  www.idg.co.nz 
Norway,  CIO  Business  Standard 
www.business-standard.no 
Poland,  CXO  Poland  www.cxo.pl 
Singapore,  CIO  ACEN/Hong-Kong 
www.idg.com.sg 

South  Korea,  CIO  Korea  www.cio.seoul.kr 
Sweden,  CIO  Sweden  www.cio.idg.se 

For  further  sales  information,  visit 

www2.cio.com/marketing/aboutcio/ 

contacts.cfm. 


C/O  CONTACT 
INFORMATION 

Editorial,  Advertising  and  Business 
Offices:  CXO  Media  Inc.,  492  Old 
Connecticut  Path,  P.O.  Box  9208, 
Framingham,  MA  01701-9208, 

508  872-0080. 

CIO  (ISSN  0894-9301)  is  published 
semimonthly  and  as  a  combined 
issue  Dec.  15/Jan.  1  by  CXO  Media 
Inc.  Periodicals  postage  paid  at 
Framingham,  MA,  and  at  additional 
mailing  offices.  Canada  Publications 
Mail  Agreement  Number  1902075. 
CANADIAN  POSTMASTER:  Please 
return  undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A7C9. 

Permissions:  Copyright  2005  by 
CXO  Media  Inc.  All  rights  reserved. 
Reproduction  of  material  appearing 
in  CIO  is  forbidden  without  written 
permission.  Send  all  requests  to 
Permissions  Department,  CIO, 

492  Old  Connecticut  Path, 

P.O.  Box  9208,  Framingham,  MA 
01701-9208. 

Photocopy  Rights:  Permission  to 
photocopy  for  internal  or  personal 
use  or  the  internal  or  personal  use  of 
specific  clients  is  granted  by  CIO  for 
users  through  the  Copyright  Clear¬ 
ance  Center,  provided  that  the  base 
fee  of  $3  per  copy  of  the  article,  plus 
$.50  per  page  is  paid  directly  to 
Copyright  Clearance  Center,  27 
Congress  Street,  Salem.  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does  not 
extend  to  contributed  articles 
followed  by  this  symbol:  $. 


INDEX  OF  COMPANIES  AND  ADVERTISERS 


Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the  company  has  a  substantial  mention. 

This  index  is  provided  as  a  service  to  readers.  The  publisher  does  not  assume  any  liability  for  errors  or  omissions. 


COMPANY  INDEX 


7-Eleven  Inc . 52 

AgentSheets  Inc . 71 

AIG  American  General . 23 

Air  Canada  . 66 

American  Axle  &  Manufacturing 

Inc . 58 

AMR  Research  Inc . 58 

Apptero  Inc . 71 

A.T.  Kearney  Inc . 46 

Bank  of  America  Corp . 23 

BNSF  Railway  Co . 46 

Boeing  Co . 58 

ChoicePoint  Inc . 23 

ClMdata  Inc . 58 

CITGO  Petroleum  Corp . 52 

CNA  Financial  Corp . 46 

Coca-Cola  Co . 52 

Computer  Sciences  Corp . 23 

DaimlerChrysler  AG  . 58 

Dassault  Syste'mes  . 58 

Del-Air  Heating,  Air  Conditioning 

and  Refrigeration  Inc . 66 

Delmia  Corp . 58 

DHL  International  GmbH . 71 

EUSES  . 71 

Ford  Motor  Co . 58 


82  MAY  15,  2005| 


Forrester  Research  Inc . 46 

Frito-Lay  Inc . 52 

Gartner  Inc . 46 

General  Motors  Corp . 58 

Google  Inc . 23 

Hudson  Highland  Group  Inc.  .  .  23 

I  LOG  Inc . 71 

Intuit  Inc . 71 

iRise  Inc . 71 

Isis  Pharmaceuticals  Inc . 71 

Javelin  Strategy  &  Research  .  .  23 

Johnson  &  Johnson . 23 

LexisNexis  Group . 23 

Lubrinco  Group . 46 

McGraw-Hill  Companies  Inc.  .  .  58 

Microsoft  Corp . 71 

Motorola  Inc . 71 

NCCI  Holdings  Inc . 71 

NCR  Corp . 52 

NeolT  Inc . 46 

Network  Services  Co . 38 

OpenTable  Inc . 71 

PeopleSoft  Inc . 71 

Pratt  &  Whitney  Canada  Corp. 

. 58 

Pronto  Networks  Inc . 23 

Quantrix  Inc . 71 


www.cio.com 


Rearden  Commerce  Inc . 71 

Robert  Half  Technology . 23 

ROMCO  Equipment  Co . 71 

Science  Applications  International 

Corp . 23 

Seisint  Inc . 23 

Sentara  Healthcare  . 71 

Sony  Electronics  Inc . 46 

St.  Paul  Travelers  Cos.  Inc.  ...  23 

Sun  Microsystems  Inc . 71 

SuperShuttle  International  Inc. 

. 66 

Tatum  Partners  . 46 

Tower  Group  Inc . 46 

Tropos  Networks  Inc . 23 

UGS  Corp . 58 

United  Parcel  Service  Inc . 66 

Vertigo  Software  Inc . 71 

Vettro  Corp . 66 

VMware  Inc . 46 

Whirlpool  Corp . 71 

Xora  Inc . 66 


Zurich  American  Insurance  Co. 
. 10 

ADVERTISER  INDEX 

Akamai  Technologies  Inc . C3 


Asian  Development  Bank . 15 

Borland  Software  Corp . 29 

Canon  . 2 

Cingular  Wireless  . 65 

Cisco  Systems  Inc . 55,  57 

CXO  Media  Inc . 70,  80,  83 

Fujitsu  Computer  Systems  Corp. 


Hyperion  Solutions  Corp . 41 

IBM  Corp . 77,  79 

Intel  Corp . 20 

Internet  Security  Systems  ....  16 

LaSalle  Bank  . 19 

Microsoft  Corp . C2,  32,  43 

Oracle  Corp . 25 

Protiviti  Inc . 35 

Riverbed  Technology  Inc . 27 

Samsung . 7 

SAS . 22 

Sprint  3 . 7 

Sun  Microsystems  Inc . 8 

SunGard  Availability  Services  ...  73 

Sybari  Software . 39 

Tripwire  Inc.  (regional) . 63 

VeriSign  Inc . 11 

Verizon  Wireless  . 4 

Xerox  Corp . 12,  31 


Subscriptions:  CIO  is  free  to 
qualified  information  executives.  To 
apply,  use  our  online  subscription 
form  at  www.subscribe.cio.com. 
Subscriptions  are  also  available  on 
a  paid  basis  at  a  rate  of  $95  for  the 
United  States  and  Canada,  $195 
International  (payable  in  U.S.  funds 
only)  and  may  be  ordered  online  at 
www.subscribe.  cio.  com/services,  html. 
Or  address  inquiries  to  CIO,  P.O. 

Box 489,  Northbrook,  IL  60065- 
0489:  866  354-1125.  Please  allow 
four  to  six  weeks  for  a  new  subscrip¬ 
tion  to  begin.  The  single  copy  price 
is  $9  for  the  United  States  and 
Canada,  and  $15  International. 
Prepayment  is  required,  payable  in 
U.S.  funds. 

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio  and 
follow  the  online  instructions. 

Postmaster:  Send  change  of 
address  to  CIO,  P.O.  Box  489, 
Northbrook,  IL  60065-9816. 

Printed  in  the  U.S. A. 


November  6-8,  2005 

Wild  Horse  Pass  Resort,  Phoenix,  AZ 


www. cio.com/conferences 
800.366.0246 


The  Year  Ahead 

Issues  ►  Ideas  ►  Impact 

Get  Set  for  the  Year  Ahead! 

CIOI06:  The  Year  Ahead  will  focus  on  identifying 
and  discussing  majortrends  that  will  impact 
CIOs  and  their  responsibilities.  We'll  take  you 
from  the  big  picture  and  drill  down  through  the 
issues  that  will  affect  you  in  the  next  12-24 
months. 

Join  us  as  we  explore  the  most  successful 
approaches  and  strategies  that  will  help  you 
Get  Set  for  The  Year  Ahead. 


Presented  by 


The  Resource 
for  Information 
Executives 


Sponsored  by 

^equant 


iRise 

VISUALIZE  INNOVATE  DELIVER  v 


CIO  |06  The  Year  Ahead 


In  order  to  ensure  a  true  peer  group  experience,  all  attendees  must  meet 
CIO  Executive  Programs’  qualifications. 


05.15.05  EXECUTIVE 


'Cutting  metal  to  produce  a  product 
is  very  slow  and  very  expensive,”  says 
Pratt  &  Whitney  CIO  Amal  Girgis. 


58  |  VIRTUALLY 
FLAWLESS? 

|  he  idea  behind  digital  manu¬ 
facturing,  which  is  coming 
A  on  strong  in  the  automotive 
and  aerospace  industries,  is  to  use  tech¬ 
nology  to  develop  a  manufacturing 
plan  and  manufacturing  equipment 
simultaneously  with  a  product.  The 
payoff  is  that  design  flaws,  manufac¬ 
turing  kinks  and  inefficient  processes 
can  be  corrected  early  in  the  process 
when  changes  will  cause  little  disrup¬ 
tion  to  critical  time-to-market  sched¬ 
ules.  The  potential  cost  savings  is 
huge.  And  it’s  the  CIO,  in  partnership 
with  engineering  and  manufacturing, 
who  can  deliver  those  savings.  The 
CIO  can  identify  the  relevant  tech¬ 
nologies  and  be  the  change  agent 
who  facilitates  all  the  new  business 
processes  and  organizational  transfor¬ 
mations  that  need  to  occur.  Plenty  of 
traditional  IT  responsibilities  are  also 
associated  with  digital  manufacturing, 
including  creating  a  data  integration 
strategy  to  sync  up  with  other  core 
business  systems.  By  Beth  Stackpole 


summarie 


46  |  DON'T  MAROON  SECURITY 

U.S.  COMPANIES  ROUTINELY  UNDERESTIMATE  the  risks  introduced  into  the 
offshore  outsourcing  equation  by  factors  such  as  ramshackle  infrastructures,  unstable 
governments  and  legal  systems  that  neither  recognize  nor  reflect  Western  concepts  and 
standards.  When  sending  work  offshore,  too  many  companies  are  willing  to  accept  the 
assurances  of  their  providers.  But  others  have  found  that  keeping  control  of  security  is 
best.  That  means  walling  off  work  areas,  slicing  up  server  farms  and  keeping  employees 
working  on  jobs  exclusive  to  one  customer.  Unfortunately,  these  controls  are  at  odds  with 
the  basic  economic  foundations  of  outsourcing— scale,  sharing  and  repeatability.  This 
challenges  CIOs  to  define  acceptable  risk,  outline  security  measures  (in  the  contract 
wherever  possible)  and  monitor  their  enforcement.  By  Christopher  Koch 

52 | COVER  STORY 

WHO'S  MINING  THE  STORE? 

IN  THE  FIRST  OF  A  NEW  SERIES  of  interviews  with  CEOs  and  other  board-level  busi¬ 
ness  executives  called  “View  from  the  Top,”  7-Eleven  President  and  CEO  James  Keyes 
describes  how  the  convenience  store  chain  leverages  customer  data  to  support  in-store 
decision  making— a  critical  effort  at  a  time  when  7-Eleven’s  traditional  niche  is  being 
invaded  by  everyone  from  Walgreens  to  Wal-Mart.  Prior  to  Keyes’  ascension  to  the  CEO 
role  in  2000, 7-Eleven  had  little  in-store  IT  and  delegated  stocking  decisions  to  its  vendors. 
Following  a  model  established  at  7-Eleven  Japan,  Keyes  set  out  to  change  that,  bringing  CIO 
Keith  Morrow  and  the  IT  group  into  company  retail  strategy.  Keyes  also  discusses  how  he 
decides  what  projects  to  fund  and  what  he  learned  from  the  chain’s  failed  financial  services 
kiosk  project.  By  Christopher  Koch 

66  |  WATCH  CAREFULLY 

MONO ORING  TECHNOLOGIES  such  as  RFID  and  GPS  can  make  employees  grouchy — 
particularly  if  they  believe  their  on-  and  off-the-job  privacy  is  being  compromised.  But  if 
your  implementation  is  properly  planned  and  executed,  your  employees’  reaction  needn’t 
end  up  on  the  local  (or  national)  news.  Openness,  careful  and  sensitive  communication, 
and  a  commitment  to  maintaining  the  trust  of  your  employees  can  go  a  long  way  toward 
turning  what  could  be  perceived  as  invasive  technology  into  technology  that  is  broadly 
accepted  as  invaluable.  Smart  moves  that  companies  can  make  include  explaining  the  busi¬ 
ness  case  clearly,  offering  employees  incentives  to  use  the  new  technology  and  providing 
thorough  training  in  a  technology’s  advantages  and  limits.  By  Christopher  Lindquist 

71  |  ESSENTIAL  TECHNOLOGY: 

MAKING  IT  ON  THEIR  OWN 

END-USER  DEVELOPMENT  may  sound  like  an  oxymoron— or  worse,  a  CIO’s  night¬ 
mare— but  thousands  of  end  users  develop  software  every  day.  For  some,  the  process 
entails  nothing  more  than  entering  formulas  into  a  spreadsheet,  but  others  are  turning  to 
end  user  development  tools  that  provide  far  more  power.  Whether  a  user  is  creating  ad 
hoc  databases,  building  enterprise  application  prototypes  or  reconfiguring  business  rules 
on  the  fly,  this  new  crop  of  tools  offers  the  promise  of  rapid  idea-to-deployment  times  and 
lower  support  costs  for  IT.  But  such  development  can  also  force  CIOs  to  deal  with  software 
built  without  the  normal  controls  found  in  normal  IT  projects.  The  key  is  finding  a  bal¬ 
ance  that  gives  users  tools  they  can  use  effectively  without  turning  the  application  envi¬ 
ronment  into  a  support  quagmire.  By  Megan  Santosus 


84 


MAY  15,  2005  |  www.cio.com 


PHOTO  BY  JULIE  DUR0CHER 


Enterprise  Applications  Soar 
for  Cathay  Pacific  Airways 


Without  Akamai there  is  no  way 
that  a  100%  increase  in  online 
bookings  would  have  occurred." 
fvH  Cathay  Pacific 


Scott  Ohmarr,  Manager,  1 

E-Business  Commercial,  Cathay  Pacific  Airways 


V* 


Cathay  Pacific  trusts  Akamai  to  deliver  more  online  bookings 

Akamai  delivers  more  than  content.  We  deliver  improved  performance  of  Cathay  Pacifies  dynamic 
online  applications,  allowing  passengers  and  agents  to  book  travel  and  check-in  for  reservations 
online  with  ease.  We  deliver  hundreds  of  thousands  of  dollars  in  infrastructure  cost-savings,  enabling 
Cathay  Pacific  to  handle  increased  application  usage  without  investing  in  hardware.  Akamai  delivers 
customer  loyalty,  the  ability  to  handle  traffic  spikes,  and  the  flexibility  for  future  growth. 

Start  driving  application  adoption  online.  Get  our  Enterprise 
Applications:  10  Tips  to  Increase  User  Adoption  and  Productivity  and  learn 
how  Cathay  Pacific  saves  over  $1,000,000  annually  in  our  case  study. 

Call  888-340-4252  or  visit  www.akamai.com/enterpriseapplications. 

The  7 


V  •  '  v  -T'l  •» 


The  Trusted  Choice 
For  Online  Business 


■  •  •  jjftJMWr  J 

©2005  Akamai  Technologies,  Inc.  All  Rights  Reserved.  Akamai  and  the  Akamai  logo  are  registered  trademarks. 


OUR  KNOWLEDGE  OF 
WHAT  CIOs  NEED  GOES  BACK 

-  and  forzuard  - 


A  LONG  WAY. 


While  the  title  of  CIO  may  not  have  existed  65  years 
ago,  that’s  how  long  Fujitsu  has  been  developing 
innovative  technology  solutions  for  the  world’s 
leading  companies. 

Today,  we’re  leveraging  our  multi-billion  dollar 
annual  R&D  budget  to  give  CIOs  the  powerful  new 
enterprise  solutions  they  need  to  automate  even 
the  most  complex  business  infrastructures.  Our 
customers  and  business  units  work  closely  with  our 
research  teams  to  guide  new  product  development. 
This  teamwork  ensures  our  discoveries  make  it  out  of 
the  lab  and  into  the  enterprise. 

Of  course,  there’s  a  lot  more  to  a  $45-billion 
company  than  just  R&D.  Our  high-performance  mobile 
computers,  scalable/reliable  servers,  and  managed  and 
professional  services  also  give  CIOs  all  the  tools  they 
need  for  a  world-class  IT  partnership.  For  details  go  to 
us.fujitsu.com/computers  or  call  1-800-83 1-3 183. 

FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 


PRIMEPOWER'  Servers 


LifeBook"  Notebooks 


Stylistic*  Tablet  PCs 


PRIMERGY*  Servers 


©2004  Fujitsu  Computer  Systems  Corporation.  Ali  rights  reserved.  Fujitsu,  the  Fujitsu  logo  and  LifeBook  are  registered  trademarks  of  Fujitsu  Limited.  PRIMEPOWER  is  a  trademark  or  registered  trademark  of 
Fujitsu  Limited  in  the  United  States  and  other  countries.  Sylistic  is  a  registered  trademark  of  Fujitsu  Computer  Systems  Corporation.  PRIMERGY  is  a  registered  trademark  of  Fujitsu  Siemens  Computers  GmbH. 


